Restaurant chain California Pizza Kitchen has exposed over 100,000 current and former employees' data to potential theft, the company admitted this week. The data at risk included staff names and Social Security numbers.
The data breach filing with the Maine Attorney General reported a total of 103,767 affected people, including eight residents of that state. The filing said the company discovered suspicious activity in its computing environment on September 15 and launched an investigation.
On October 4, it confirmed hackers could have accessed some files and then discovered the extent of the data theft by October 13.
The data that might have been compromised included names and Social Security numbers, the company said.
"There is no indication that individuals’ specific information was accessed or misused," said the document. "However, CPK is notifying all potentially impacted individuals out of an abundance of caution."
The company is offering a year of credit monitoring to those whose data might have been stolen.
RELATED RESOURCE
Protecting every edge to make hackers’ jobs harder, not yours
How to support and secure hybrid architectures
The Costa Mesa, California-based restaurant chain has nearly 200 restaurants across eight countries. Last month, it announced its expansion into Canada. The company, which filed for bankruptcy protection at the height of the pandemic last year, was reportedly considering a sale or IPO to refinance debt in July this year.
While the US still lacks a federal data breach notification law, each state has passed legislation requiring private businesses to notify individuals when their information is breached. Some, such as California and Virginia, have gone further with strict data protection laws that impose penalties for mishandling of personal data.
In June, Senator Kirsten Gillibrand (D-NY) introduced a bill to create a federal data privacy regulator.
-
Bigger salaries, more burnout: Is the CISO role in crisis?In-depth CISOs are more stressed than ever before – but why is this and what can be done?
-
Cheap cyber crime kits can be bought on the dark web for less than $25News Research from NordVPN shows phishing kits are now widely available on the dark web and via messaging apps like Telegram, and are often selling for less than $25.
-
Capita tells pension provider to 'assume' nearly 500,000 customers' data stolenCapita told the pension provider to “work on the assumption” that data had been stolen
-
Gumtree site code made personal data of users and sellers publicly accessibleNews Anyone could scan the website's HTML code to reveal personal information belonging to users of the popular second-hand classified adverts website
-
83% of critical infrastructure companies have experienced breaches in the last three yearsNews Survey finds security practices are weak if not non-existent in critical firms
-
Identity Automation launches credential breach monitoring serviceNews New monitoring solution adds to the firm’s flagship RapidIdentity platform
-
Neiman Marcus data breach hits 4.6 million customersNews The breach took place last year, but details have only now come to light
-
Indiana notifies 750,000 after COVID-19 tracing data accessedNews The state is following up to ensure no information was transferred to bad actors
-
Pearson fined $1 million for downplaying severity of 2018 breachNews The SEC found the London-based firm made “misleading statements and omissions” about the intrusion
-
“Great resignation” sparks concern over insider data leaksNews New research unearths direct correlation between employees leaving and data theft
