Powered by MOMENTUM MEDIA
cyber daily logo
Breaking news and updates daily. Subscribe to our Newsletter
newsletter
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.

Five Guys burger chain admits to significant data breach

Late last month, the popular American burger flipper Five Guys began sending out notices to individuals affected by a data breach the company suffered in September of 2022. 

user icon David Hollingworth
Fri, 06 Jan 2023
Five Guys burger chain admits to significant data breach
expand image

The letter, sent to those affected by the breach on 29 December, states that the incident was detected on 17 September, with the extent of the files exposed discovered only on 8 December.

“We conducted a careful review of those files and, on December 8, 2022, determined that the files contained information submitted to us in connection with the employment process, including your name and <<Variable Text 1>>,” one version of the letter reads.

Another version of the letter exists, which does not disclose the timing of the breach, nor its relation to possible job applicants. It also simply refers to the data exposed as “name and <<Variable Text 1>>”.

Both letters go on to offer victims credit monitoring and data protection services free of charge, along with a range of additional steps that victims could take to protect themselves, such as setting up fraud alerts and security freezes.

One alarming suggestion the letter makes is what to do if information about your health may have been exposed.

“It is always advisable to review any statements you may receive from your health insurer or healthcare providers,” the letters read. “If you see charges for services that you did not receive, contact your insurer or provider immediately.”

However, more concrete information on the nature of the data exposed by the breach has been revealed by a law firm investigating the incident in pursuit of possible litigation. 

According to Turke & Strauss LLP, the breached data includes names, Social Security numbers, and driver’s licence numbers. 

Neither Turke & Strauss LLP or Five Guys have revealed the number of people affected at this stage.

Five Guys operates three locations in Sydney and Melbourne, and we have reached out to the local franchise to see if any Australians have been affected by the breach. 

Five Guys' privacy policy certainly makes for interesting reading in terms of the data the company collects. It’s very much boilerplate copy to address both the GDPR and the California Consumer Privacy Act, but it does reveal somewhat the extent of the data that this breach could have exposed. Out of 11 categories of data, Five Guys states it collects nine, including biometric, commercial, and health information.

David Hollingworth

David Hollingworth

David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.

newsletter
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.