PII of Job Applicants to ‘Five Guys’ Burger Chain Exposed in Data Breach

Five Guys, the American burger chain, has disclosed a data breach that exposed personally identifiable information (PII) of job applicants.

According to the burger joint, an intrusion was discovered on one of its servers in early autumn last year.

“We identified a security incident on September 17, 2022, that involved unauthorized access to files on a file server,” the Five Guys data breach notification reads. “We immediately implemented our incident response plan, took steps to contain the activity, and launched an investigation.”

While details of the incident are sparse, to say the least, the fast food chain began sending out data breach letters to impacted individuals on Dec. 29 after “carefully reviewing compromised files.”

Five Guys does give a bit of context on information that may have been exposed or stolen during the attack.

“We conducted a careful review of those files and, on December 8, 2022, determined that the files contained information submitted to us in connection with the employment process, including your name and [variable data],” the letter explains.

In this case, the [variable data] differs for each job applicant. According to Turke & Strauss LLP, a law firm helping impacted individuals, the information includes driver's license information and Social Security numbers.

The notice also says the company engaged with police and will provide credit monitoring and identity theft protection services to victims.

Given the potential financial harm to individuals, victims should remain vigilant, monitor financial accounts and review any statements from healthcare providers and insurers - as the form letter also indicates that some of the exfiltrated information may have included health data.

“If your health information was involved: It is always advisable to review any statements you may receive from your health insurer or healthcare providers,” the letter reads. “If you see charges for services that you did not receive, contact your insurer or provider immediately.”

With Bitdefender Ultimate Security plans (for the US only) you can protect your household devices with award-winning technologies that predict, prevent and remediate new and existing cyberthreats.

The all-in-one solution provides unlimited VPN traffic, and the cross-platform Password Manager and identity theft protection features including real-time fraud monitoring, data breach monitoring, credit report monitoring, fraud alerts, credit freeze and lost wallet assistance, and an insurance policy of up to $2 million, depending on the plan you choose.