KFC Drive thru at night showing ransomware attack

KFC, Pizza Hut, and Taco Bell Ransomware Attack Shuts Down 300 Restaurants in the UK

KFC, Pizza Hut, and Taco Bell parent company Yum! Brands confirmed a ransomware attack that leaked company data and shut down restaurants in the United Kingdom.

Yum! Brands said it initiated incident response protocols, including deploying containment measures, pulling some systems offline, and implementing enhanced monitoring technology. The company also began an investigation involving an unnamed external cyber forensics firm and notified federal law enforcement agencies in the United States.

Yum operates 53,000 restaurants in 155 territories, with 1,000 restaurants in the United Kingdom. The company owns assets worth over $5 billion and records about $1.3 billion in annual profits.

Ransomware attack shuts down 300 restaurants for a day

Nearly 300 restaurants in the United Kingdom closed for one day after a ransomware attack affected “certain information technology systems.”

However, Yum! quickly mitigated the ransomware attack, and all outlets resumed operations within 24 hours.

“With the ransomware being contained to a third of Yum! Brands UK outlets and the downtime being limited to 1 day – Yum! Brands have done relatively well recovering,” said Morten Gammelgard EVP, EMEA at BullWall. “The average amount of downtime for organizations when hit by Ransomware is approximately 24 days.”

Although the unnamed threat actors stole the company’s data, Yum! believes that “at this stage, there is no evidence that customer databases were stolen.”

However, Gammelgard doubts that hackers did not exfiltrate customer data.

“Although there is no evidence customer data was stolen, can we be sure that is the case?” Gammelgard noted. “The initial comments from companies hit by ransomware are often changed at a later date when the attack is fully investigated and more details on the attack come to light – this is the point where data breaches are usually disclosed.”

Similarly, David Maynor, Senior Director of Threat Intelligence at Cybrary, believes Yum’s claim was potentially misleading: “In all seriousness the statement by Yum that attackers had taken company data, but no user data was compromised is always troubling.”

Meanwhile, Yum said it was working to “fully restore affected systems” and does not expect further disruptions.

“While this incident caused temporary disruption, the Company is aware of no other restaurant disruptions and does not expect this event to have a material adverse impact on its business, operations or financial results,” the company wrote.

Yum withheld the identity of the threat actor responsible for the ransomware attack, the extortion amount demanded, and the attack vector used to compromise the company. The company also has not disclosed the nature of the stolen information and which branches were affected, although an instigation was still in progress.

History of data breaches

Yum! Brands fast food restaurants have suffered multiple cyber attacks in the past leaking customer data.

In 2016, KFC warned 1.2 million customers in the UK that hackers had potentially compromised their accounts through automated brute force attacks. The breach targeted the Colonel’s Club loyalty program that rewards members with redeemable virtual stamps after spending a preset amount using a physical card or the Android/iOS mobile app.

In 2017, Pizza Hut warned 60,000 customers that their personal information was potentially compromised via a “third-party security intrusion.” The incident involved a trove of personal information, including names, email and delivery addresses, and credit card information.

Wave of ransomware attacks in the UK

The United Kingdom is a top target for ransomware attacks, according to various reports.

In 2022, the country recorded the third-highest number of ransomware incidents after Canada and the United States, according to a NordLocker report. A report by the National Cyber Security Centre (NCSC) also identified ransomware attacks as the greatest challenge to UK organizations.

“Based on the exponential growth in ransomware attacks and the data about victim organizations, it is clear that attackers are finding ways to break into some of the best-defended enterprises,” said Arti Raman, CEO and founder of Titaniam.

Several high-profile UK organizations suffered ransomware attacks in 2022, including the country’s largest healthcare provider, the NHS, and a water supply company, South Staffordshire.

In January 2023, two UK organizations, The Guardian and the Royal Mail, each confirmed a ransomware attack that caused significant disruptions to daily operations.