Yum! Brands Notifies Customers of Breach Following Ransomware Attack


April 10, 2023

World map

Yum! Brands is sending data breach notification letters to customers whose personal information was stolen in a January ransomware attack. Yum! owns popular brands including KFC, Pizza Hut, and Taco Bell.

“This comes after the company said that although some data was stolen from its network, it has no evidence that the attackers exfiltrated any customer information,” reports Bleeping Computer.

“In the breach notification letters sent to affected people starting Thursday, Yum! Brands revealed that it has now found out the attackers stole some individuals' personal information, including names, driver's license numbers, and other ID card numbers.”

Takeaway: Given how common it is for ransomware attacks to include the exfiltration of sensitive data, we should start talking about this issue as a data exfiltration attack problem that includes the delivery of a ransomware payload, instead of the other way around. While it may be a painful process to mitigate the impact of a ransomware attack, if the organization made the effort to build-in resilience to its incident response plans, it will recover. There is no recovery from data exfiltration - once the attackers have your data, it is beyond your control what happens to it.

It's not surprising that Yum! is just now notifying customers that their data was exposed in a ransomware operation that was first discovered months ago. Incident response and forensic examinations are complicated and take a considerable amount of time to complete. Most companies, especially those that are public and/or are in highly regulated industries typically try to be as transparent as they can be, but it takes time to understand how a complex attack took place and exactly what assets were impacted.

“One would think that – given how ransomware attacks are designed to reveal themselves to the victim, unlike other attacks – disclosure of the details would come swiftly. That’s not necessarily the case with these attacks that not only deliver ransomware but are also stealthy data exfiltration operations,” Jon Miller, CEO and co-founder of Halcyon, told Computer Weekly.

“Up to the point the ransomware payload is delivered, there is little difference between these cyber criminal ransomware operations and corporate or government espionage attacks. These are complex, multi-stage operations often involving multiple threat actors."

“Their goal, like that of their espionage-focused counterparts, is to be as quiet as possible while infiltrating as much of the targeted network and exfiltrating as much sensitive data as they can and then leveraging it for a bigger ransom demand,” said Miller.

“In most respects, the only difference between a corporate espionage operation and a ransomware attack is that in the latter the attackers plan on revealing the attack to the victim in time.”

Halcyon.ai is the industry’s first dedicated, adaptive security platform that combines multiple advanced proprietary prevention engines along with AI models focused specifically on stopping ransomware – talk to a Halcyon expert today to find out more.