Hackers obtained access to Five Guys job applicant data.
Personal data of some job applicants at fast food burger retailer Five Guys Enterprises LLC was exposed in a cyberattack.
In a notification letterdated Dec. 29, 2022, Five Guys said it identified a “security incident” involving unauthorized access to files on a file server on Sep. 17, 2022.
In response, Five Guys said it “immediately implemented” its incident response plan, took steps to contain the breach, and launched an investigation that included an outside cybersecurity firm. The company also notified law enforcement and says it is supporting the law enforcement investigation.
On Dec. 8, 2022, Five Guys determined that the files which were exposed contained information submitted to us in connection with the employment process, including applicant names as well as other information not specified in the public version of the notification letter.
Five Guys is offering individuals affected by the data breach credit monitoring and identity protection services through the consumer privacy company IDX, at no cost. These identity protection services include one year of credit and CyberScan monitoring, a $1 million insurance reimbursement policy, and managed identity theft recovery services.
Five Guys may face legal action
According to SecurityWeek, law firm Turke & Strauss, which handles data breach lawsuits, is openly inviting anyone who received a breach notification letter from Five Guys to contact it about potential legal action. Turke & Strauss is telling potential victims the breach exposed applicant Social Security and driver’s license numbers, as well as their names.
Expert weighs in
A data security expert reached out to Chain Store Age with commentary on the Five Guys breach. Arti Raman, CEO and founder of data security platform Titaniam, said cyberattack immunity requires intrusion detection solutions, as well as sophisticated data encryption efforts.
“It is unclear if the Five Guys data leak was part of a ransomware attack or if someone simply stumbled upon an unprotected cloud storage," said Raman. "When it comes to data breaches and unauthorized access to files, any of us could find ourselves in the midst of a data leak having our personally identifiable information exposed."
Raman added that data security focuses on preventing large-scale data exfiltration.
“This can be achieved through encryption at rest, in transit, and, most importantly, encryption-in-use," she stated. "Encryption-in-use is an extremely powerful new technology that dramatically reduces ransomware, extortion, and other data-related attacks. Finally, backup and recovery needs to be in place so that even if attackers successfully bring down systems, these can be recovered without expensive payouts.”