Five Guys Employee Email Breach: SSNs Stolen
Table of Contents
- By Steven
- Oct 30, 2023
Five Guys Enterprises, LLC oversees the management of services delivered by “Five Guys,” a national restaurant chain throughout the US. The restaurant is available in more than 1,450 locations, 900+ cities, and every state (except Alaska). Their prominent location distribution and policy of every order being “served to go” makes Five Guys a top contender for dinner; however, now, their prosperous history may be at risk following a data breach stemming from their employees.
How Did the Attack Occur?
According to the consumer breach notification given to Maine, the incident involved the unauthorized access of two employee email accounts. The notice does not explicitly state that the accesses occurred in connection with each other, although it seems likely. Additionally, the notices do not state how bad actors made the attack possible; the attack could have happened following a phishing ploy, a carefully planned impersonation, or vulnerable permission misconfigurations.
What Information Was Viewed or Stolen?
Little is public about the stolen information or the attacker’s goals in taking the data; the breach notices indicate that the attackers may have taken full names and Social Security Numbers (SSNs). It is unknown whether the stolen information targeted Five Guy employees and their network or consumer members. Notably, the data breach notice given to California offers two distinct letters; one refers to information potentially held by a (presumably) adult consumer, while the other refers to child data.
How Did Five Guys Admit to the Breach?
As described in the Maine and California notices, the unauthorized access occurred twice, using different employee credentials. The first event happened around March 20th, 2023, and lasted until March 31st, 2023. A few months later, the second event happened, lasting from May 31st to June 7th. As soon as Five Guys recognized the breaches, they isolated the credentials and launched an investigation. The preliminary investigation concluded on September 20th, which influenced Five Guys to begin notifying potentially impacted parties.
What Will Become of the Stolen Information?
It is unclear what will happen with the stolen information, as the scope of the attack is still unknown. If the actors were after identity information to complete fraud, the attack may end with the changing of credentials. Alternatively, if the actors stole sensitive data intending to ransom it back to the corporation, the attack may be ongoing. Additionally, because the attack presumably involves the data of children, those impacted must take active steps to guard themselves.
What Should Affected Parties Do in the Aftermath of the Breach?
Five Guys suggests implementing fraud alerts and security freezes if you see suspicious activity on your accounts. These same suggestions are also helpful for those with child information potentially exposed. However, implementing the security features for a minor related to you may involve more tedium than calling the banks. Not much is public about the attack, so the public will not know the extent of its consequences until later. One thing’s for sure: if the attackers took your or your child’s information in this cyber event, you must take preventative action.