IOTW: Estee Lauder data stolen in cyber attack

Cosmetics company Estee Lauder recently suffered a cyber attack that disrupted its business processes.

The cyber attack took place on July 18, and saw a malicious actor stealing data from the company’s systems and causing disruption in the process. Estee Lauder has not made public how the hacker was able to infiltrate its systems.

In a statement about the cyber security incident, the cosmetics company said it was working to secure and restore the systems affected by the cyber attack. This included taking down some of the impacted systems.

Estee Lauder said that it had launched an investigation into the data breach to understand what, and how much, data hackers stole during the cyber attack. The company also said it had contacted both law enforcement and cyber security experts regarding the cyber attack.

A number of American companies have suffered cyber attacks in the past six months, including Nickelodeon, Blizzard Entertainment, Reddit and Yum! Brands.

Ransomware attack against Yum! Brands

US fast-food corporation Yum! Brands, which owns franchises including KFC, Pizza Hut and Taco Bell, has suffered a data breach following a ransomware attack. 

The cyber attack, which took place on January 18, 2023, involved a malicious actor gaining unauthorized access to Yum! Brands’ network. The ransomware attack disrupted the company’s business processes and shut down its IT systems, resulting in approximately 300 restaurants across the UK being temporarily. 

Yum! Brands said the malicious actor “took steps to lockdown impacted systems, notified federal law enforcement authorities, worked with leading digital forensics and restoration teams to investigate and recover from the incident and deployed enhanced 24/7 detection and monitoring technology”.

Following the cyber attack, an investigation was launched into the attack to see if any data had been stolen during it. The investigation showed that private employee data had been accessed during the cyber security incident. 

This data stolen included the names and ID card numbers of some employees including driver license numbers. In a notice of the breach sent to those affected, Yum! Brands said there was “no evidence of identity theft or fraud” being committed with the stolen data. 

“In the course of our forensic review and investigation, we identified some personal information belonging to employees was exposed during the January 2023 cyber security incident. We are in the process of sending individual notifications and are offering complimentary monitoring and protection services. We have no indication that customer information was impacted,” a Yum! Brands spokesperson said to Cyber Security Hub. 

Yum! Brands said that it had “incurred, and may continue to incur, certain expenses related to this attack including expenses to respond to, remediate and investigate this matter”.

The organization said it “does not expect this event to have a material adverse impact on its business, operations or financial results” in a report filed with the US Securities and Exchange Commission regarding the attack.