Fast-casual pizza chain and frozen food disrupter California Pizza Kitchen reportedly suffered a data breach that exposed the Social Security numbers of over 100,000 current and former employees, according to a breach notification viewed by TechCrunch.
Though CPK didn’t specify the exact number of people affected in the note, a separate data breach notification filed with the Maine attorney general’s office put the figure at 103,767. Aside from Social Security numbers, the breach also exposed an unspecified number or names and other files. Gizmodo reached out to CPK for more details about the additional exposed materials but did not yet hear back.
The company claims it first noticed a disturbance to its systems on September 15 and took action quickly. However, it wasn’t until October 4 that the company claimed it was able to determine cybercriminals had gained access to its system.
As TechCrunch notes, the social security numbers most likely included large swaths of former employees since CPK employed just around 14,000 employees in 2017. CPK claimed it immediately took steps to review and strengthen its security practices and said it was implementing additional measures moving forward.
Major data breaches seemingly happen all the time. News of CPK’s slip up comes on the heels of another major data breach from investment platform Robinhood, which last week announced hackers had gained access to millions of customers’ email addresses and full names and tried to extort the company. Names, date of birth, and zip code were reportedly exposed for around 310 customers. But the bad news only got worse. This week, the company issued an update revealing the data obtained by hackers included several thousand entries with phone numbers. According to Motherboard, the total number of phone numbers on access was about 4,400. Robinhood said it continues to believe Social Security numbers, bank account numbers, and debit card numbers were not exposed.
Overall, data breaches have become costlier and harder to contain since the onset of the pandemic. A study of over 500 global organisations conducted by IBM Security earlier this year determined data breaches cost the surveyed companies $US4.24 (A$6) million per incident on average, the highest average costs in IBM’s 17-years of reporting.
CPK was also one of many restaurants to struggle through the pandemic. The company filed for chapter 11 bankruptcy in July 2020 in an effort to reduce its debt. CPK reportedly completed its bankruptcy restructuring last November and was able to shed more than $US220 (A$303) million in existing debt.