Subway, the global sandwich franchise with over 40,000 locations worldwide, is investigating claims that sensitive company data has been stolen and is being held for ransom by the notorious Lockbit cybercrime group.

On Monday, Lockbit posted on their data leak site that hundreds of gigabytes of internal Subway data had been exfiltrated by one of their affiliates. According to the post penned by Lockbit, the stolen data includes “all financial aspects of the franchise” spanning employee salaries, franchise royalty payments, master franchise commissions, restaurant revenues, and more.

Lockbit alleges that Subway has been trying to conceal the data breach and is giving the company until February 2nd to respond before the stolen data gets sold to competitors. This deadline tactic is standard protocol for ransomware groups who typically threaten to leak or auction stolen data if the victim company refuses to pay the decryption ransom. Based on previous ransoms paid to Lockbit, experts estimate the hackers likely demanding tens of millions from the sandwich maker.

In a brief statement, Subway said only that they are “exploring the validity of the claim” but provided no additional details on the purported breach, whether ransomware was deployed, or how the data may have been acquired by the Lockbit affiliate.

With the February 2nd deadline looming, Subway is facing mounting pressure to either pay the ransom or risk exposing sensitive company data and financial information. As this story develops, other franchise companies are keeping a close watch, nervous they could be the next victims targeted in Lockbit’s ongoing global hacking spree.