Jan 09 – American fast food chain Five Guys has reported a data breach that compromised the personal details belonging to job applicants.

Five Guys initially discovered “unauthorized access to files on a file server” in mid-September, but the precise information that the documents contained was not confirmed until early December.

“This is yet another incident where attackers have managed to breach an organization’s network and the victims whose data was stolen were not informed until months later, offering attackers ample time to use that information to commit credit and identity fraud” says Julia O’Toole, CEO of MyCena Security Solutions.

Compromised information

The compromised information included applicants’ names, driver’s license numbers and social security numbers.

Further details were not released by Five Guys. Affected individuals have been offered free credit monitoring and identity protection services.

Technical insights

Common web coding flaws, like Indirect Object References (IDOR), authentication flaws, and even injection flaws can allow for this type of attacker outcome.

Possible lawsuit

Reports suggest that a law firm specializing in data breaches has requested for individuals whose information my have been compromised in the Five Guys breach to file a potential case against the company.

Further details

The compromised data from this breach may be used for credit card theft, identity theft, and as part of phishing schemes and mule recruitment lures.

While only disclosed recently, this data breach took place weeks before customers affected by the KFC data breach started to receive targeted phishing emails across Saudi Arabia, the UAE and Singapore.

For more on this story, please click here. Lastly, to receive cutting-edge cyber security news, best practices and resources in your inbox each week, please sign up for the CyberTalk.org newsletter.