California Pizza Kitchen (CPK) has revealed a data breach that exposed the Social Security numbers of more than 100,000 current and former employees.
The U.S. pizza chain, which has more than 250 locations across 32 states, confirmed the incident in a data breach notification posted this week. The company said it learned of a “disruption” to its systems on September 15 and moved to “immediately secure” its environment. By October 4, the company said it had determined cybercriminals had infiltrated its systems and gained access to certain files, including employee names and SSNs.
While CPK didn’t confirm how many people are impacted by the breach, a notification from the Maine attorney general’s office reported a total of 103,767 current and former employees — including eight Maine residents — are affected. CPK employed around 14,000 people as of 2017, suggesting the bulk of those affected are former employees. (TechCrunch contacted CPK for more but did not immediately hear back.)
“Information security is among our highest priorities, and we have strict security measures in place to protect information in our care,” CPK added. “Upon discovering this incident, we immediately took steps to review and reinforce the security of our computing environment. We are reviewing existing security policies and have implemented additional measures to further protect against similar incidents moving forward.”
However, while CPK is shoring up its security in light of the incident, it’s unclear why it took the company two months to notify state authorities of the intrusion. The company said its data breach notification “has not been delayed by law enforcement.”