Search This Blog

Powered by Blogger.

Blog Archive

Labels

California Pizza Kitchen Spilled 100K+ Employee SSNs in Data Breach

The company is currently reviewing existing security policies and has implemented additional measures.

 

California Pizza Kitchen (CPK) data breach exposed the names and Social Security numbers (SSNs) of over 100,000 current and past workers.

According to a Data Breach Notification released on the Maine Attorney General's website, the "external system breach" happened on Sept. 15 at the popular U.S. pizza chain, impacting 103,767 people. CPK was formed in 1985 in Beverly Hills, California, and now has over 250 locations across 32 states. As per the statement, CPK identified suspicious behaviour in its computing environment on or about Sept. 15 and responded swiftly to mitigate and investigate the incident with third-party IT professionals. 

The company stated in the notice CPK sent to affected residents of Maine, “CPK immediately secured the environment and … launched an investigation to determine the nature and scope of the incident.” 

Following the notice, by Oct. 4, investigators had determined that some files on CPK's computers "could have been accessed without authorization." According to the company, by the end of the initial investigation on Oct. 13, it was evident that the breach had provided attackers with the names of previous and present employees, as well as their Social Security numbers. 

On Monday, Nov. 15, CPK notified all persons affected by the incident. According to the firm, there is no evidence that the information acquired has been misused by cybercriminals at this time. There have been no details released concerning the sort of breach that happened or how the attackers gained access to the system. CPK did not respond to Threatpost's request for comment on the incident right away.  

The firm is presently assessing existing security standards and has adopted additional measures – such as safeguards and employee training – to assist avoid future instances. 
 
Employee training, as per one security expert, is a critical component of preventing breaches like these, which are all too often at firms that have sensitive information on their networks but generally employ personnel who have no specialized expertise in how security breaches occur. 

Al-Khalidi, co-founder and co-CEO of security firm Axiad, stated in an email to Threatpost, “Every business like California Pizza Kitchen possesses valuable PII data which makes them a prime target for attackers. To help protect against attacks, enterprises need to ensure their employees practice good cybersecurity hygiene.” 

He believes that ongoing training may help reinforce a company's overall security defense by preventing employees from falling prey to phishing or other socially engineered assaults that can bring a whole IT system down.
Share it:

Data Breach

Data Leak

SSNs

User Data

User Data Leak

User Privacy

User Security

Users Credential