KFC parent Yum! shuts 300 restaurants after cyber attack

KFC and Pizza Hut-parent Yum! Brands has been forced to close around 300 outlets across the UK after it was hit with a ransomware attack earlier this week.

The fast food company said it initiated planned response protocols, including containment measures such as taking specific systems offline, as soon as the attack was detected. It also implemented enhanced monitoring technology in the immediate aftermath.

In an online statement the operator also said it has begun an investigation into the attack, which, according to sources, was carried out by a group that remains, as-yet, unspecified.

Yum also explained that it has notified cyber security and forensic professionals as well as US law enforcement.

“Less than 300 restaurants in the United Kingdom were closed for one day, but all stores are now operational,” said a company spokesperson.

“The company is actively engaged in fully restoring affected systems, which is expected to be largely complete in the coming days.”

Although data was taken from the network, and an investigation is ongoing, at this stage there is no evidence that customer databases were stolen, the company concluded.

The Yum! Brands incident joins a growing list of ransomware victims so far in 2023, demonstrating that there has been no let-up in the number of data breaches.

One hacker warned that businesses lax security is to blame when it comes to cyber attacks, and companies are simply not getting the basics right in regards to implementing preventative measures.

“Hackers will always look for the low hanging fruit,” said Rob Shapland, ethical hacker and head of innovation at Falanx, “meaning businesses that have out of date systems, weak passwords, do not use multi-factor authentication and do not have cyberattack detection systems in place – making them easy targets.”

In a separate study, over 80% of company’s even admitted they don’t’ feel their data is protected well enough due to current security not being as up to speed as the data production.

“On a positive note,” Rapid7 senior vice-president and chief scientist Raj Samani told Computer Weekly, “Yum! Brands confirmed there was no evidence customer databases were stolen.”