News is breaking that the popular fast food chain Five Guys has disclosed a data breach impacting job applicants, and the company may be facing a lawsuit over the cybersecurity incident.
On December 29th, Five Guys started notifying customers of the incident, which is the same date the company notified state authorities about the breach. The notification garnered the attention of Turke & Strauss, a law firm specializing in data breaches.
The law firm has since begun urging impacted individuals to get in touch to discuss potential legal actions against the fast food chain after it was revealed the incident exposed sensitive information including applicant names, social security numbers and driver’s license numbers.
Currently, there is little known about the incident. Five Guys conducted an internal investigation in early December that revealed unauthorized access to files on a server containing information submitted to the company in the connection with its employment process. However, it still remains unclear if the incident was part of a ransomware attack and how many people have been impacted.
Here is what cybersecurity expert Arti Raman, CEO and founder of Titaniam says:
“It is unclear if the Five Guys data leak was part of a ransomware attack or if someone simply stumbled upon an unprotected cloud storage. The first thing to do, as a community, is to extend empathy to those impacted. When it comes to data breaches and unauthorized access to files, any of us could find ourselves in the midst of a data leak having our PII exposed. With over 65% of attacks rooted in some type of human compromise, attackers can find a foothold in even the best-defended enterprises.
In times like this, it is essential to reflect on best practices so that all can benefit from each others’ experiences. In turn, this helps build resiliency based on attacks that have happened and still could happen again.
Based on our work, Titaniam has found that cyberattack immunity is a three-part solution. First, enterprises must look into prevention and detection solutions so that attacks can be stopped before they execute or be identified before infection spreads. Second, data security focuses on preventing large-scale data exfiltration. This can be achieved through encryption at rest, in transit, and, most importantly, encryption-in-use. Encryption-in-use is an extremely powerful new technology that dramatically reduces ransomware, extortion, and other data-related attacks. This is potentially what can help in the case of unauthorized access to files. Finally, the third piece is backup and recovery. This is in place so that even if attackers successfully bring down systems, these can be recovered without expensive payouts. Implementing a three-part defense helps significantly neutralize attacker leverage and protect data and enterprises.”