Burger joint Five Guys disclosed a breach involving Social Security numbers


Five Guys, the American fast-food chain, had its systems breached last year with threat actors potentially accessing sensitive employee data.

Attackers breached Five Guys‘ servers on September 17, the company disclosed. An investigation revealed that threat actors accessed information submitted to the company “in connection with the employment process.”

Five Guys operates in over 1,700 locations worldwide, employs over 5,000 people, and boasts a revenue north of $1.7 billion.

ADVERTISEMENT

While the letter doesn’t specify what type of data attackers might have taken, Turke & Strauss LLP, a law firm representing the company, said individuals may have had their name, Social Security number (SSN), and driver’s license number exposed.

Neither Five Guys nor the law firm representing the company disclosed how many people could have been affected by the breach. If the “connection with employment process” includes job applications sent to Five Guys restaurants, thousands could have been impacted by the attack.

Once stolen, SSNs and other sensitive data quickly end up on underground marketplaces, where cybercriminals can buy the data to use in whichever way they like.

It is estimated that on its own, SSN costs up to $4 on the darkweb. However, the price of a collated dataset with additional information on the individual can double the price.

Losing SSN pose significant risks as impersonators can use stolen data in tandem with names and driver’s licence number for identity theft.

In a letter disclosing the breach to affected persons, Five Guys said the company had arranged for potential victims to receive credit monitoring and identity protection services to guard against possible instances of identity theft.

ADVERTISEMENT