California Pizza Kitchen has uncovered a data breach that exposed the Social Security numbers of more than 100,000 current and former employees.
The American pizza chain, which has more than 250 locations in 32 states, confirmed the incident in a data breach report posted this week. The company said it learned on Sept. 15 of a “malfunction” in its systems and its environment “protected immediately.” On Oct. 4, the company said it had determined that cybercriminals had infiltrated its systems and gained access to certain files, including employee names and SSNs.
While CPK has not confirmed how many people are affected by the breach, a report from the Maine Attorney General’s office said a total of 103,767 current and former employees — including eight Maine residents — were affected. CPK employed about 14,000 people in 2017, suggesting that most of those affected are former employees. (TechCrunch contacted CPK for more, but didn’t hear back immediately.)
“Information security is one of our highest priorities and we have implemented strict security measures to protect the information in our care,” added CPK. “When we discovered this incident, we immediately took steps to review and strengthen the security of our computing environment. We are reviewing the existing security policy and have implemented additional measures to better protect ourselves against similar incidents in the future.”
While CPK is strengthening its security in light of the incident, it’s unclear why it took the company two months to notify state authorities of the break-in. The company said the report of a data breach “has not been delayed by law enforcement”.