Restaurant chain California Pizza Kitchen has exposed over 100,000 current and former employees' data to potential theft, the company admitted this week. The data at risk included staff names and Social Security numbers.
The data breach filing with the Maine Attorney General reported a total of 103,767 affected people, including eight residents of that state. The filing said the company discovered suspicious activity in its computing environment on September 15 and launched an investigation.
On October 4, it confirmed hackers could have accessed some files and then discovered the extent of the data theft by October 13.
The data that might have been compromised included names and Social Security numbers, the company said.
"There is no indication that individuals’ specific information was accessed or misused," said the document. "However, CPK is notifying all potentially impacted individuals out of an abundance of caution."
The company is offering a year of credit monitoring to those whose data might have been stolen.
Protecting every edge to make hackers’ jobs harder, not yours
How to support and secure hybrid architectures
The Costa Mesa, California-based restaurant chain has nearly 200 restaurants across eight countries. Last month, it announced its expansion into Canada. The company, which filed for bankruptcy protection at the height of the pandemic last year, was reportedly considering a sale or IPO to refinance debt in July this year.
While the US still lacks a federal data breach notification law, each state has passed legislation requiring private businesses to notify individuals when their information is breached. Some, such as California and Virginia, have gone further with strict data protection laws that impose penalties for mishandling of personal data.
In June, Senator Kirsten Gillibrand (D-NY) introduced a bill to create a federal data privacy regulator.
