Ransomware attack hit KFC and Pizza Hut stores in the UK

Anyone fancying a quick bite to eat in the UK earlier this week may have found their choices more limited than usual on the high street.

Nearly 300 fast food restaurants, including branches of KFC and Pizza Hut, were forced to close following a ransomware attack against parent company Yum! Brands.

In a statement dated 18 January 2023, Yum! confirmed that unnamed ransomware had impacted some of its IT infrastructure, and that data had been exfiltrated by hackers from its servers.

However, although an investigation into the security breach continues, the company said that it had seen no evidence that customer details had been exposed.

"The Company is actively engaged in fully restoring affected systems, which is expected to be largely complete in the coming days. Although data was taken from the Company’s network and an investigation is ongoing, at this stage, there is no evidence that customer databases were stolen."

It's not clear from the parent company's statement, but it is possible that UK branches of KFC, Pizza Hut, and Taco Bell were closed for one day at the insistence of Yum! as a precautionary measure, while the scale of the breach was investigated.

Yum! says that it deployed "containment measures such as taking certain systems offline and implementing enhanced monitoring technology" after it detected the attack, and that impacted restaurants have now returned to normal operation.

What has not yet been made public, and may not even be known to those investigating the breach, is how long hackers might have had access to the company's IT infrastructure, and how they might have been able to gain access to what should have been a secure system.

Yum! has also not shared whether it has received a ransom demand from its attackers, and if it did how much ransom was demanded, and whether it would be prepared to negotiate with its extortionists.

On the face of things, the company behind brands like KFC and Pizza Hut could make a tasty snack for malicious hackers hungry to feast on another ransomware victim.  Yum! operates 53,000 restaurants around the world, earning $1.3 billion net profit annually.