Email accounts of 2 employees at Five Guys were unlawfully accessed
In a recent development, fast-food chain Five Guys has revealed a security breach that affected the personal data of job applicants. The breach, which went unnoticed for over three months, has led to a class action lawsuit due to concerns over delayed notification and biometric privacy via fingerprint scanners used for employee time clocks.
The breach was initially undisclosed and lasted for approximately three months before Five Guys publicly reported it. The exact number of individuals affected by the breach is not specified, but it is known that the breach involved personal data of job applicants.
Upon discovery, Five Guys promptly contacted law enforcement and has been supporting the ongoing investigation. As part of the remediation measures, the company has provided affected individuals with free credit monitoring and identity protection services through IDX, covering one year of credit and CyberScan monitoring.
The breach has led to a consolidated class action lawsuit in the U.S. District Court for the Eastern District of Virginia, alleging violations including failure to promptly report the breach and biometric privacy law infringements due to fingerprint scanners.
Five Guys operates approximately 1,700 locations worldwide. In a previous incident in September 2022, files linked to the company's employment process were impacted, affecting more than 37,000 individuals. In the June 2023 incident, the social security numbers of three additional Maine residents were accessed.
It is worth noting that both employee accounts compromised during the June 2023 incident had multifactor authentication enabled. However, no further details about the specific actions taken to prevent a similar incident were provided.
The company has taken additional measures to prevent a similar incident in the future, but no specific details about these measures were disclosed. An attorney for BakerHostetler, listed as outside counsel for Five Guys, was not immediately available for comment, and a spokesperson for Five Guys could not be reached for comment.
References: 1. [Source]
- Five Guys' response to the cybersecurity incident, which exposed personal data of job applicants, involved contacting law enforcement, initiating an investigation, and providing affected individuals with credit monitoring and identity protection services.
- The cybersecurity incident at Five Guys, which also involved Delayed Notification and biometric privacy issues from the use of fingerprint scanners, led to the consolidation of a class action lawsuit, questioning the company's cybersecurity practices and compliance with biometric privacy laws.
