Café Zupas, a Utah-based restaurant chain, recently reported a data breach to the Attorney General of Vermont. The breach involved the potential exposure of sensitive personal identifiable information within its systems. Café Zupas discovered suspicious activity in its network and initiated an investigation to determine the cause and scope of the incident. The breach occurred between October 21 and October 23, 2024, during which an unauthorized third party may have accessed and copied sensitive data.
Upon completion of the investigation, Café Zupas confirmed that sensitive information, including names and Social Security numbers, may have been compromised.
The company began reviewing the affected data to identify specific individuals whose personal information was involved. The breach notification letter sent to impacted individuals includes details on the types of information exposed, as well as offering complimentary credit monitoring services to mitigate potential risks.
In response to the breach, Café Zupas has taken steps to notify affected individuals.
On February 25, 2025, the company began sending data breach notification letters to those who were impacted by the incident. The notification also informs individuals of the potential exposure of their personal data and the measures being taken to protect them. The breach notice highlights the company’s commitment to transparency and proactive support for those affected.
Café Zupas, founded in 2004 and headquartered in Sandy, Utah, operates over 80 locations across eight states. The restaurant chain specializes in soups, salads, and sandwiches, offering both dine-in and take-out options. With more than 1,000 employees, Café Zupas continues to serve its customers while addressing the consequences of this breach and ensuring the protection of their personal information moving forward.
Reference: