The LockBit ransomware group has claimed responsibility for hacking Subway, the renowned American fast-food restaurant franchise. The gang added Subway to its list of victims on its Tor data leak site, threatening to release stolen data on February 2, 2024, at 21:44:16 UTC. The compromised data, amounting to hundreds of gigabytes, includes sensitive information such as employee salaries, franchise royalty payments, master franchise commission payments, restaurant turnovers, and more. The group, critical of Subway’s response, declared its intention to sell the exfiltrated data to competitors if no action is taken to secure it.
Subway, a major multinational fast-food chain known for its submarine sandwiches, wraps, salads, and beverages, faces the challenge of securing its internal systems compromised by LockBit ransomware. The cybercriminals accuse Subway of downplaying the incident and emphasize their access to substantial financial data related to the franchise. The ransomware gang’s message, published on the Tor leak site, underscores their readiness to sell the stolen data to competitors if Subway fails to protect it within a specified timeframe. Currently, the ransom amount demanded by LockBit remains undisclosed.
As Subway grapples with the aftermath of the ransomware attack, details about the demanded ransom and Subway’s response are unknown. The LockBit group’s threat to expose sensitive financial information poses a significant risk to Subway’s reputation and financial security. The incident serves as a reminder of the pervasive threat posed by ransomware groups targeting high-profile organizations, urging businesses to prioritize robust cybersecurity measures to safeguard against such attacks and protect sensitive data from unauthorized access and extortion.
