Connect with us

Hi, what are you looking for?



Subway Sandwich Chain Investigating Ransomware Group’s Claims

The LockBit ransomware group claims to have stolen hundreds of gigabytes of data from US sandwich chain Subway.

Sandwich chain Subway has launched an investigation after the notorious LockBit ransomware group claimed over the weekend that it hacked into the company’s systems and stole vast amounts of information. 

“The biggest sandwich chain is pretending that nothing happened,” the LockBit gang said in a message posted on its website. “We exfiltrated their SUBS internal system which includes hundreds of gigabytes of data and all financial expects of the franchise, including employee salaries, franchise royalty payments, master franchise commission payments, restaurant turnovers etc.” 

The hackers added, “We are giving some time for them to come and protect this data, if no we are open to sell to competitors.”

The cybercriminals posted the message on January 21 and are apparently giving Subway until February 2 to pay a ransom. 

“We are exploring the validity of the claim,” a Subway spokesperson told SecurityWeek via email.

Subway has roughly 20,000 locations worldwide and over 400,000 employees, according to the company’s Wikipedia page. 

LockBit has been the most active ransomware group, targeting thousands of organizations. The US government reported in June 2023 that the group had targeted 1,700 entities in the US alone, receiving over $90 million in ransom payments since early 2020. 

Related: MGM Resorts Says Ransomware Hack Cost $110 Million

Related: Ransomware Shuts Hundreds of Yum Brands Restaurants in UK

Advertisement. Scroll to continue reading.

Related: Cyberattack Disrupts Ace Hardware’s Operations

Related: 500k Impacted by Data Breach at Fashion Retailer Forever 21 

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Learn about active threats targeting common cloud deployments and what security teams can do to mitigate them.


Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.


Expert Insights

Related Content


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.


A SaaS ransomware attack against a company’s Sharepoint Online was done without using a compromised endpoint.


Several major organizations are confirming impact from the latest zero-day exploits hitting Fortra's GoAnywhere software.

Data Breaches

Sony shares information on the impact of two recent unrelated hacker attacks carried out by known ransomware groups. 

Data Breaches

KFC and Taco Bell parent company Yum Brands says personal information was compromised in a January 2023 ransomware attack.


Alphv/BlackCat ransomware group files SEC complaint against MeridianLink over its failure to disclose an alleged data breach caused by the hackers.

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.