[BreachExchange] California Pizza Kitchen spills over 100, 000 employee Social Security numbers

Terrell Byrd terrell.byrd at riskbasedsecurity.com
Thu Nov 18 14:31:16 EST 2021


https://techcrunch.com/2021/11/18/california-pizza-kitchen-data-breach/


California Pizza Kitchen (CPK) has revealed a data breach that exposed the
Social Security numbers of more than 100,000 current and former employees.

The U.S. pizza chain, which has more than 250 locations across 32 states,
confirmed the incident in a data breach notification posted this week. The
company said it learned of a “disruption” to its systems on September 15
and moved to “immediately secure” its environment. By October 4, the
company said it had determined cybercriminals had infiltrated its systems
and gained access to certain files, including employee names and SSNs.

While CPK didn’t confirm how many people are impacted by the breach, a
notification from the Maine attorney general’s office reported a total of
103,767 current and former employees — including eight Maine residents —
are affected. CPK employed around 14,000 people as of 2017, suggesting the
bulk of those affected are former employees. (TechCrunch contacted CPK for
more but did not immediately hear back.)

“Information security is among our highest priorities, and we have strict
security measures in place to protect information in our care,” CPK added.
“Upon discovering this incident, we immediately took steps to review and
reinforce the security of our computing environment. We are reviewing
existing security policies and have implemented additional measures to
further protect against similar incidents moving forward.”

However, while CPK is shoring up its security in light of the incident,
it’s unclear why it took the company two months to notify state authorities
of the intrusion. The company said its data breach notification “has not
been delayed by law enforcement.”
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20211118/b8c25895/attachment.html>


More information about the BreachExchange mailing list