Due to an employee’s carelessness the fast food restaurant chain suffered a security breach
Information security and digital forensics specialists report that the fast food restaurant chain Five Guys, suffered a security breach that resulted in a data theftaffecting an important percentage of its employees. According to a security advice from the company, sent to the office of the attorney General of California on November 2:
“On August 6, 2018, the company discovered that an employee could have been the victim of a phishing email attack that resulted in unauthorized access to the employee’s email account. Five Guys secured the account immediately, conducted an internal investigation, and hired a leading cybersecurity and digital forensics company to assist in the research, thus starting an extensive search of the employee’s inbox to identify possible malicious content”, mentions the company’s letter.
“The investigation found that the employee’s email inbox contained messages or attachments with names, dates of birth, social security numbers, addresses, hiring dates, and taxpayer information from various employees”.
Although not explicitly stated in the letter signed by Sam Chamberlain, Director of operations for Five Guys, additional reports indicated that the phishing attack occurred on May 23, 2018.
The number of employees affected by this incident has also not been disclosed by the digital forensics experts in charge of the investigation. The company reported that it has offered affected employees a year of protection against identity theft and similar computer frauds.
Five Guys has more than a thousand franchises distributed in countries like the United States, Canada, United Kingdom and France.