American burger chain, Five Guys, experienced a data breach mid-September last year, which led to the exposure of personally identifiable information (PII) of job applicants.
According to the fast food chain, it “identified a security incident on Sept. 17, 2022 that involved unauthorized access to files on a file server.” Ever since, the company has taken steps to contain the incident by launching an investigation and executing its incident response plan.
Part of the steps Five Guys took was to send a letter to each impacted individual. The letters were sent out on Dec. 19, 2022 with the aim of informing the individuals about the data breach incident, explaining the incident, highlighting the measures Five Guys has taken, and presenting some steps victims can take to prevent further damage.
Five Guys revealed that it involved law enforcement as well as a cybersecurity company that is familiar with such data breach matters.
“A cybersecurity firm that has assisted other companies in similar situations was engaged. We also notified law enforcement and are supporting its investigation,” the letter reads.
Some of the information exposed in the data breach include: name, health information, Social Security numbers, and driver’s license information. Five Guys advised that victims can protect their health data by reviewing every statement they receive from their healthcare providers or health insurer.
“If you see charges for services that you did not receive, contact your insurer or provider immediately,” the letter explains.
In addition to giving advice, Five Guys also arranged for the impacted individuals to “receive credit monitoring and identity protection services at no cost.” The company claims that these services come with “one year of credit and CyberScan monitoring, a $1,000,000 insurance reimbursement policy, and fully managed identity theft recovery services.” It also claims that none of these services would have a negative impact on the victims’ credit scores.