The Social Security numbers of more than 100,000 California Pizza Kitchen Inc. employees have been stolen in a data breach.

According to a Nov. 15 regulatory filing the company lodged with the Office of the Maine Attorney General, the data breach was detected in September. How the data was stolen was not specified and described only as an “external data breach (hacking).”

In a breach notice to employees, both current and former, the company provided further information, saying it had detected “suspicious activity in its computing environment” on Sept. 15. Having detected something untoward, California Pizza Kitchen then secured the computing environment and engaged third-party computer specialists to launch an investigation. By Oct. 4, it says, it had confirmed that certain files could have been accessed without authorization.

While Social Security numbers were highlighted in the breach notice, data stolen also included the names of former and current employees.

California Pizza Kitchen went on with a stock-standard response to a data breach: efforts to secure its systems from future attack, reporting the incident to law enforcement and offering employees credit protection.

In a regular data breach case, that might usually be the end of the story but in this case, the lawyers are already circling. The law firm Wolf Haldenstein Adler Freeman & Herz LLP said in a statement today that it’s investigating claims on behalf of current and former employees of California Pizza Kitchen whose information may have been stolen.

Although it doesn’t provide proof, the law firm claims that the data may already be for sale on the dark web, a shady corner of the internet where illegal activity thrives. It’s not an unreasonable suggestion, but likewise, names and Social Security numbers alone are not as appealing as a full data set of employee information. Still, the stolen data, if matched with other stolen data, could easily be used for nefarious purposes.

“Every business like California Pizza Kitchen possesses valuable personally identifiable information data, which makes them a prime target for attackers,” Bassam Al-Khalidi, founder, co-founder and co-chief executive of credential management firm Axiad IDS Inc., told SiliconANGLE. “To help protect against attacks, enterprises need to ensure their employees practice good cybersecurity hygiene. Ongoing training can help defend against threats such as phishing or other social engineering attacks that often lead to breaches.”

Photo: California Pizza Kitchen