Posted On January 7, 2023 Consumer Privacy & Data Breaches
January 7, 2023 – Five Guys Enterprises, LLC filed notice of a data breach with several attorney generals throughout the country on December 29, 2022 after job applicants’ information was exposed to unauthorized parties in a cyberattack. According to the filing, the information that was accessed included first and last names, driver’s license numbers, financial account information, and Social Security numbers. Once Five Guys confirmed the data breach, it sent notification letters to all 37,529 individuals affected by the breach.
The data breach lawyers at Console & Associates, P.C. are actively investigating the cyberattack. If you have received a breach notification letter from Five Guys, you may be entitled to financial compensation from the company. We offer free consultations to help victims of the attack learn about the risks of identity theft and what they can do to protect themselves.
Five Guys Enterprises, LLC is a fast-food chain specializing in menu items such as hamburgers, French fries, and hot dogs. Originally founded in 1986 in Lorton, Virginia, Five Guys had five locations before franchising in 2001. By 2016, it had more than 1,700 locations across the United States. The company employs over 5,000 people and generates approximately $544 million in revenue annually.
According to filings with various attorney general offices, Five Guys discovered that its computer system had been accessed by an unauthorized party. The company provided no further detail on how the system had been hacked. After ensuring that company servers had been secured, Five Guys began investigating with third-party cybersecurity experts to determine what information had been leaked. After the investigation was concluded, Five Guys determined that job applicants’ confidential information had been leaked, including first and last names, driver’s license numbers, financial account information, and Social Security numbers.
On December 29, 2022, Five Guys sent notification letters of the breach to all affected individuals. Per the Texas Attorney General’s reports, there were 3,548 victims in Texas alone, though the total number of victims is still unknown.
If you received a notification letter from Five Guys Enterprises, LLC about the data breach, your information may now be in the hands of hackers. Information like your full name, driver’s license number, financial account information, and Social Security number could be in the hands of criminals looking to commit identity theft.
We’ve compiled a list of things you should do as soon as you receive notification that your personal information has been leaked. The list is not comprehensive, and you may want to take additional steps.
If your information was accessed in the cyberattack, Five Guys will send a letter informing you. You should read the letter carefully because it could contain information like how the computer system was accessed, what the company is doing to protect confidential information in the future, and whether anyone affected has been the victim of identity theft or fraud.
Hackers won’t wait long to use the stolen information once it is in their hands. They don’t want to give people time to close and freeze their accounts. Sometimes, however, they need additional information to commit their crimes, so they may hold onto the information for weeks or even months before using it. You should continue to monitor your information for a while after it was leaked and watch out for suspicious activity.
Fraud alerts and credit freezes are free services provided by major credit bureaus. A fraud alert will alert companies checking your credit that someone could be trying to commit fraud with your information. A credit freeze will stop companies from checking your credit without prior approval.
Five Guys has offered victims of the breach free credit monitoring services. Credit monitoring will alert you to any suspicious activity on your financial accounts and usually involves a monthly fee. Enrolling in Five Guys’ free service allows you to be on top of your accounts in this precarious situation.
The consumer privacy lawyers at Console & Associates, P.C. help customers affected by data and security breaches pursue legal solutions by offering free consultations. By explaining your rights in clear, concise terms, we help you make an informed decision about your next steps. If you are a victim of the Five Guys data breach, Console & Associates, P.C. will investigate at no charge to you and offer advice on how to proceed. If you decide to pursue a case, rest assured that we don’t get paid unless you do. If your claim is successful, legal fees are either paid out of the funds recovered or by the defendant. If your claim is not successful, you pay nothing.
Below is the letter sent to affected individuals which can also be found here:
Five Guys Enterprises, LLC (“Five Guys”) understands the importance of protecting the information that we maintain.
We are writing to inform you that we recently identified and addressed a security incident that may have involved your information. This letter explains the incident, measures we have taken, and some steps you may choose to take.
We identified a security incident on September 17, 2022 that involved unauthorized access to files on a file server. We immediately implemented our incident response plan, took steps to contain the activity, and launched an investigation.
A cybersecurity firm that has assisted other companies in similar situations was engaged. We also notified law enforcement and are supporting its investigation.
The investigation identified unauthorized access to files on our file server that occurred on September 17, 2022. We conducted a careful review of those files and, on December 8, 2022, determined that the files contained information submitted to us in connection with the employment process, including your name and [Redacted].
We wanted to notify you of this incident and to assure you that we take it seriously. We have arranged for you to receive credit monitoring and identity protection services through the company IDX at no cost to you. These identity protection services include one year of credit and CyberScan monitoring, a $1,000,000 insurance reimbursement policy, and fully managed identity theft recovery services. These services are completely free to you, and enrolling in this program will not hurt your credit score. For more information on the services, including instructions on how to activate your complimentary one-year membership, please visit [Redacted] or call 1-833-758-5800 and use the Enrollment Code provided above. Please note the deadline to enroll is March 29, 2023. For more information on identity protection as well as some additional steps you can take in response, please see the additional information provided in this letter.
We regret that this incident occurred and apologize for any inconvenience. To prevent something like this from happening again, we have taken steps to enhance our existing security measures. If you have any questions, please call 1-833-758-5800, Monday through Friday, between 9:00 a.m. and 9:00 p.m. Eastern Time.