California Pizza Kitchen Serves Up Employee SSNs in Data Breach

A hefty slice of data – that of 100K+ current and former employees – was spilled in an “external system breach,” the pizza chain said. 

California Pizza Kitchen (CPK) served up more than tasty meals recently after a data breach exposed the names and Social Security numbers (SSNs) of more than 100,000 current and former employees.

The “external system breach” occurred on Sept. 15 at the popular U.S. pizza chain and affected 103,767 people, according to a Data Breach Notification posted on the website of the Maine Attorney General. CPK, founded in Beverly Hills, Calif. in 1985, has more than 250 locations across 32 states.

CPK discovered “suspicious activity” in its computing environment “on or about Sept. 15” and took hasty action to mitigate and investigate the occurrence with third-party IT specialists, according to the notice.

“CPK immediately secured the environment and … launched an investigation to determine the nature and scope of the incident,” the company wrote in the notice CPK sent to affected residents of Maine.

By Oct. 4, investigators had confirmed that certain files on CPK’s systems “could have been accessed without authorization,” according to the notice. By the end of the initial review

Read More: https://threatpost.com/california-pizza-kitchen-employee-ssns-data-breach/176478/