California Pizza Kitchen Data Breach Exposes Names and SSNs of Employees

United States pizza chain restaurant California Pizza Kitchen (CPK) has suffered a data breach exposing over 100,000 employee records. The records are reported to contain the social security numbers (SSN) of past and present employees of CPK. 

A data breach notification posted on the Office of the Maine Attorney General website confirmed “external systems breach”.  

CPK did not provide an exact number of employees affected by the breach. The Office of the Maine Attorney General notification lists the number of affected employees to be 103,767. CPK have stated that individuals affected by the data breach have been sent a written notice.  

CPK provided an example of the letter sent out to victims of the data breach. In this letter, the pizza chain states that they detected a disruption on “certain systems on [the CPK] computing environment” on September 15.  

CPK secured their network and investigated the breach “with the assistance of leading third-party computer forensic specialists”. CPK continues, “On October 4, 2021, the investigation confirmed that certain files on our systems had been subject to unauthorized access.” 

“Unfortunately, on October 13, 2021, we determined that certain files…could have been accessed during the event.” In the letter, CPK acknowledges that the data stolen during the breach includes names and social security numbers. 

Action Taken 

CPK detailed a number of measures they would be taking to mitigate the effect of the breach. For those affected, CPK is providing guidance against fraud that could potentially occur as a result of the stolen data. “CPK is providing individuals with information on how to place a fraud alert and security freeze on one's credit file, information on protecting against tax fraud”. 

CPK also stated they would work to “implement additional safeguards and training to its employees.” While the cause of the data breach was not given, a large number of data breaches are caused by human error, with many cases being the result of lack of cybersecurity education. Training employees in safe online practices can help prevent against many kinds of cyberattack.