Yum! has confirmed that data was stolen during their January 2023 ransomware attack. Initially, they reported that no data was taken, but that claim has since been reversed.

Yum! owns Kentucky Fried Chicken (KFC), Pizza Hut, and Taco Bell and has been emailing a breach notification document to customers, informing them about what sort of information was taken during the attack. This includes customer names, driver's licence numbers and more. Much of the information would be useful to an attacker wishing to commit identity fraud or sell on the dark web.

300 UK stores shut down

On January 18th 2023, a ransomware attack forced Yum! to shut down 300 branches in the UK for a day. Yum! stated:

"While this incident caused temporary disruption, the company is aware of no other restaurant disruptions and does not expect this event to have a material adverse impact on its business, operations or financial results."

The company is offering free credit monitoring and identity protection services for two years to those affected. This includes credit monitoring, a $1,000,000 insurance reimbursement policy and fully managed identity restoration in the event that someone falls victim to identity theft. IDX, the company providing the cover, will also monitor the dark web to attempt to detect if customer data appears in illicit online forums.

Yum! is yet to state how many individual people's data was impacted by this event.