Taco Bell, KFC owner says data stolen during ransomware attack

Yum Brands, the parent company of fast-food chains KFC, Pizza Hut and Taco Bell, has confirmed that company data was stolen in a ransomware attack.

TechCrunch first learned of an apparent incident affecting Yum Brands earlier this week, which the Kentucky-based company confirmed in a statement on Thursday.

Yum Brands said a ransomware attack impacted “certain information technology systems,” prompting the chain to take some of its systems offline. The incident also led to the closure of roughly 300 restaurants in the United Kingdom for 24 hours, the company said.

Although the ransomware attack largely affected the company's U.K. operations, Yum Brands said it notified U.S. federal law enforcement as its investigation continues.

Yum Brands said that the unidentified intruder responsible for the ransomware attack stole data from the company’s network, but added it had "no evidence" that customer data was stolen. It's not clear if the company has the technical means, such as logs, to determine what specific data was exfiltrated.

It's also unclear when the ransomware attack began or how the company's systems were initially compromised. Yum Brands spokesperson Rob Poetsch declined to provide more details about the incident, referring TechCrunch to the company's statement.

“While this incident caused temporary disruption, the company is aware of no other restaurant disruptions and does not expect this event to have a material adverse impact on its business, operations or financial results,” the company's statement said.

Lorenzo Franceschi-Bicchierai contributed reporting.