Unknown Hacker Finds SSNs, Driver’s Licenses in HR
In a Dec. 29 notification letter to consumers, Five Guys said the security incident may have involved personal information connected to the company’s “employment process” — most likely the chain’s recruiting system where applicants upload their resumes and CVs. Exposed files included the names, Social Security numbers, and driver’s license numbers of these individuals, according to Turke & Strauss LLP, the data breach law firm investigating the incident. Though details are sparse, Five Guys said that the cyber incident involving “unauthorized access” was discovered on Sept. 17, 2022, and was blocked at once. “We immediately implemented our incident response plan, took steps to contain the activity, and launched an investigation,” Five Guys said. “A cybersecurity firm that has assisted other companies in similar situations was engaged. We also notified law enforcement and are supporting its investigation.”
No Industry Is Safe from Identity Theft
Though cyber attacks on fast food chains might seem rarer than other industries — attacks on healthcare, energy, and manufacturing are rampant, to name a few — this incident is a stark reminder that no sector is truly safe from hackers looking to make quick gains by stealing or selling the sensitive data of innocent people. Just last month, BetMGM suffered a breach where threat actors managed to make off with sensitive user data, while in October, Australian wine seller Vinomofo had information from its customers and members plucked from a testing platform. In September, a threat actor accessed the email accounts of some American Airlines employees, which contained sensitive details of customers. Information such as names, driver’s licenses, Social Security numbers, dates of birth, and physical addresses are often posted for sale on dark web cybercriminal forums. In 2020, over 2.2 million Americans reported cases of fraud to the Federal Trade Commission, with most reportedly victims of identity theft. Since hackers can breach the servers of large companies and harvest information for later use, identity theft protection has become vital in this day and age. Professional identity theft solutions have become a priority for many. We’ve scrutinized one of the best out there in our full LifeLock review.
Affected Parties Will Receive Free Monitoring and Protection
As a result of the Sept. 17 incident, Five Guys said in their letter that potentially impacted individuals would receive free credit monitoring and identity protection services via IDX. The deadline to enroll is March 29th, 2023. Affected individuals should file a local police report as well as visit the Federal Trade Commission’s identity theft page for more information. Those suspecting identity fraud or misuse of personal details, or those that have received a breach notification letter from Five Guys can also reach out to Turke & Strauss via email: sam@turkestrauss.com. The data breach specialists listed the following steps to protect one’s personal information in this case:
Review the breach notice and retain a copy. Enroll in the free credit monitoring service provided by Five Guys. Change all passwords and security questions for all online accounts. Review account statements for any suspicious activity. Monitor credit reports for signs of identity theft. Contact a credit bureau to enable fraud alerts.
