California Pizza Kitchen restaurant chain hacked. Confidential data leaked

California Pizza Kitchen (CPK), a popular restaurant chain in the U.S., revealed that a data breach led to the exposure of the confidential records of more than 100,000 former and current employees, including full names and social security numbers. The company argues that the data breach occurred due to the compromise of an external system.

In the notification that the company sent to the authorities it is mentioned that this external incident would have occurred in mid-September and affected a total of 103,767 individuals. California Pizza Kitchen was founded in Beverly Hills and has more than 250 branches in much of the U.S.

In its report, the company states that it detected unusual activity in its systems, so they proceeded to take the necessary security measures in order to contain a potential attack and subsequently initiate an investigation, in collaboration with a specialized firm: “Our environment was secured and an investigation was initiated to determine the nature and scope of this incident,” adds the company.

A couple of weeks later, the cybersecurity firm hired to investigate the incident confirmed unauthorized access to users’ personal information. The company began notifying directly all affected people a few days ago, ensuring that so far there are no indications of malicious use of the compromised information.

While the restaurant chain did not share technical details about the attack or attribute it to a specific hacking group, it concluded its message by mentioning that its current security policies are being evaluated in order to determine the best steps to take to improve its security environment and avoid future security incidents.

It is also mentioned that the security firm that collaborated in the investigation recommended California Pizza Kitchen implement awareness programs for users as a first security filter, although it is unknown if the company plans to create a cybersecurity awareness program.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.