Fast-food fried chicken chain Bojangles yesterday confirmed it notified more than 33,000 people of a February 2024 data breach that compromised the following info:
- Names
- Social Security numbers
- Government-issued ID numbers, e.g. driver’s license or passport
- Financial account numbers
- Credit and debit card numbers
- Medical info
- Health insurance info
Based on the info listed above, we can infer the data most likely belonged to Bojangles employees. The company would have no reason to collect SSNs or other sensitive info from customers.
Ransomware gang Hunters International claimed responsibility for the breach, saying it stole 295 GB of data. Bojangles has not verified Hunters’ claim.
Three state attorneys general disclosed the number of breach victims in their respective states: 32,721 in South Carolina, 1,022 in Texas, and 48 in Massachusetts. We’ll update this article as more states disclose breach figures.
Bojangles’ notice (PDF) to victims states, “On March 12, 2024, we identified suspicious activity on our corporate network. We promptly undertook an extensive investigation, with the assistance of cybersecurity specialists, to determine the nature and scope of the activity. The investigation subsequently determined that certain files were viewed and downloaded by an unknown actor between February 19, 2024 and March 12, 2024.”
We don’t yet know whether Bojangles paid a ransom, how much Hunters International demanded, or how attackers breached Bojangles’ network. Comparitech contacted Bojangles for comment and will update this article if it responds.
Bojangles is offering victims free credit monitoring via IDX. The deadline to enroll is February 19, 2025.
Who is Hunters International?
Hunters International first appeared in October 2023, and is rumored to be a spin-off of an earlier group called Hive. Hunters often extorts victims twice in one attack: it seeks one ransom for decrypting systems and another for deleting stolen data.
Since its first confirmed attack, we’ve logged 53 attacks claimed by Hunters, which affected about 1.9 million records.
Hunters’ other recent attacks include those on French healthcare company CERP Bretagne Atlantique, Swedish municipality Kumla Kommun, and Inszone Insurance. The group claimed another 169 attacks that haven’t been acknowledged by targeted organizations.
Ransomware attacks on US food and beverage
Aside from data theft, ransomware attacks on food and beverage companies can lock down computer systems until a ransom is paid for a key to decrypt them. Ransomware encryption can disrupt operations and stall the supply chain, leading to product loss, delays, and missed deliveries.
So far in 2024, Comparitech researchers have tracked 21 confirmed ransomware attacks on US food and beverage companies, compromising 219,002 records. The average ransom is just north of $2.5 million.
Other recent attacks on the US F&B industry include those on EPI Breads, Misionero Vegetables, and Ellsworth Cooperative Creamery.
Another 61 such attacks were claimed by ransomware gangs but not confirmed by targets.
About Bojangles
Founded in 1977, Bojangles is a Southeastern US chain of fast food restaurants specializing in Cajun fried chicken. It operates 818 locations as of 2023, and employs more than 10,000 people, according to external sources.