A data breach at Bojangles, a fast-food chain, exposed the personal information of thousands of current and former employees. The incident, which occurred in February 2024, compromised sensitive data including names, Social Security numbers, driver’s license numbers, and health information. The company delayed notifying affected individuals until November 19, 2024 274 days after the breach began prompting a class-action lawsuit by nine employees. The lawsuit, filed in January 2024, alleged negligence in safeguarding employee data and failing to provide timely disclosure. While the case was later dismissed by a federal judge, the breach highlighted significant vulnerabilities in Bojangles’ cybersecurity measures, particularly concerning internal employee data protection. The exposed information poses risks of identity theft, financial fraud, and long-term reputational harm to the affected workforce.
Source: https://www.yahoo.com/news/articles/bojangles-employees-lack-standing-data-180750292.html
TPRM report: https://www.rankiteo.com/company/tands-inc-bojangles
"id": "tan5992759100325",
"linkid": "tands-inc-bojangles",
"type": "Breach",
"date": "1/2024",
"severity": "85",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"{'affected_entities': [{'industry': 'Food Service / Fast Food',
'location': 'United States (headquartered in North '
'Carolina)',
'name': 'Bojangles',
'type': 'Restaurant Chain'}],
'data_breach': {'data_exfiltration': 'Likely (based on exposure of sensitive '
'data)',
'number_of_records_exposed': 'Thousands (current and former '
'employees)',
'personally_identifiable_information': ['Names',
'Social Security '
'numbers',
'Driver’s license '
'numbers',
'Health information'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)',
'Protected Health Information '
'(PHI)']},
'date_publicly_disclosed': '2024-11-19',
'description': 'A data breach at Bojangles exposed sensitive personal '
'information of thousands of current and former employees, '
'including names, Social Security numbers, driver’s license '
'numbers, and health information. The company was accused of '
'delaying notification to affected individuals for 274 days '
'after the breach began in February 2024. A class-action '
'lawsuit filed by nine employees was later dismissed by a '
'federal judge in North Carolina.',
'impact': {'brand_reputation_impact': 'Negative (class-action lawsuit filed, '
'though later dismissed)',
'data_compromised': ['Names',
'Social Security numbers',
'Driver’s license numbers',
'Health information'],
'identity_theft_risk': 'High (sensitive PII exposed)',
'legal_liabilities': 'Class-action lawsuit filed (dismissed by '
'federal judge)'},
'investigation_status': 'Lawsuit dismissed; no further details on internal '
'investigation',
'references': [{'source': 'News article (unspecified publisher)'}],
'regulatory_compliance': {'legal_actions': 'Class-action lawsuit filed '
'(dismissed in 2024)'},
'response': {'communication_strategy': 'Delayed notification (274 days after '
'breach began)'},
'title': 'Bojangles Employee Data Breach (2024)',
'type': 'Data Breach'}