No business on Earth is immune to data breaches, even popular casual restaurant chains. According to TechCrunch, California Pizza Kitchen (CPK) recently suffered a breach that resulted in over 100,000 current and former employees having their Social Security numbers leaked.
CPK data breach exposes Social Security numbers
CPK described the nature of the data breach in a notice sent to the Maine Attorney General:
On or about September 15, 2021, CPK discovered suspicious activity in its computing environment. CPK immediately secured the environment and, with the assistance of third-party computer specialists, launched an investigation to determine the nature and scope of the incident. On or about October 4, 2021, the investigation confirmed that certain files on CPK’s systems could have been accessed without authorization. CPK therefore undertook a review of the potentially impacted files to identify the information involved and to whom it related.
CPK explained that it completed its review of those files on October 13th. The restaurant determined how many people the data breach impacted and the types of data the breach exposed. CPK says that it then went on to notify potential victims as quickly as possible.
CPK didn’t reveal precisely how many employees the breach impacted in its notice, but a notification on the Maine Attorney General’s website claims the total number of impacted individuals is 103,767. TechCrunch notes that CPK employed around 14,000 people as of 2017. This suggests that the vast majority of the victims are former employees of the chain.
CPK’s notice answers a bunch of questions, but raises a few more. For example, if the chain found out about the breach in September, why did it wait until November to start notifying affected individuals? After all, the chain explicitly states that law enforcement did not delay the notice.
We can hope that California Pizza Kitchen will share more details in the near future.
How is CPK helping impacted individuals?
The restaurant chain says that as soon as it discovered the breach, it began reinforcing the security of its computing environment. It is also reviewing existing security policies and implementing additional measures to prevent future breaches. The restaurant reported the incident to law enforcement and plans to cooperate with any investigations. Finally, CPK is notifying the victims.
If you happen to be one of those victims, CPK is offering free memberships to Experian’s IdentityWorks. This theft protection program will be useful if hackers do manage to obtain your private information. Affected CPK employees will have until January 31st, 2022 to sign up.
Here’s more from California Pizza Kitchen on its plans to assist impacted individuals:
Additionally, CPK is providing impacted individuals with guidance on how to better protect against identity theft and fraud, including advising individuals to report any suspected incidents of identity theft or fraud to their credit card company and/or bank. CPK is providing individuals with information on how to place a fraud alert and security freeze on one’s credit file, information on protecting against tax fraud, the contact details for the national consumer reporting agencies, information on how to obtain a free credit report, a reminder to remain vigilant for incidents of fraud and identity theft by reviewing account statements and monitoring free credit reports, and encouragement to contact the Federal Trade Commission, their state Attorney General, and law enforcement to report attempted or actual identity theft and fraud.
We’ll be sure to share any worthwhile updates if and when California Pizza Kitchen provides them. In the meantime, if you want to keep your data safe online, don’t use any of these terrible passwords.