California Pizza Kitchen (CPK) pizzeria franchise is notifying its employees that a gap on their systems has been found and potentially exploited to data leaks of all collaborators.

In all, around 103 employees, including current and former employees, have had sensitive information — such as identity numbers and social service records — on display since at least September 15 this year, when the failure was discovered.


The notifications took place only in November, after further investigations to assert damages. The company guarantees that, after the incident, it took steps to reinforce and update its security systems. It is possible that the incident could be used by cybercriminals to rob victims, or even in the application of a scam — if only to get stuff for free.

“We immediately established the security of the environment and, with help from groups of third-party forensic experts, launched an investigation to identify the nature and scope of the incident,” the company said in the email to victims provided to SecurityWeek.

“On October 4, 2021, the investigation confirmed that certain files on our systems were subject to unauthorized access,” the notification concludes.

CPR decided to notify data leakage "just in case"

According to the pizzeria, it is not possible to infer if there was a data leak, nor that there is any scam in progress involving the extracted information - but, "out of an abundance of caution", they thought it better to notify.

“We also report the incident to security authorities and will cooperate with any investigation. We are notifying potentially impacted individuals, including you, so you can take steps to protect your information,” explains California Pizza Kitchen.

Image: PublicDomainImages/Pixabay/CC

Read more:

Have you watched our new videos on YouTube do Olhar Digital? Subscribe to the channel!