Chick-fil-A confirms some customer names, phone numbers and credit-card information exposed in data breach

By James Rogers

The restaurant chain has reportedly fallen victim to what is known as ‘credential stuffing’, when someone’s stolen credentials are used to log in to another service.

Chick-fil-A has provided an update on the confirmed data breach in January, saying the restaurant chain was taking “necessary efforts” to protect its systems and customers.

After a thorough investigation, Chick-fil-A said in a statement Friday that less than 2% of Chick-fil-A One loyalty program members were affected by the issue. The company has been in contact with affected customers.

In a letter sent to affected users on Thursday, Chick-fil-A said the breach may have disclosed personal data such as names, dates of birth, email addresses, account passwords and credit/debit card information. The Atlanta-based private company has informed these members of the breach and what steps they should take next.

“We would never want our customers to experience something like this and have been in direct communication with those affected to resolve this issue, while making the necessary efforts to protect our systems and our customers going forward,” the statement said. “We thank our customers for their patience while we are working to resolve this issue and sincerely apologize for the inconvenience caused.”


On January 4, Chick-fil-A issued a statement saying that it was aware of suspicious activity on some of its customers’ Chick-fil-A One accounts. The company said it was investigating how certain customers were subjected to fraudulent activity, which it said was not due to a compromise of its internal systems.

Chick-fil-A has been the victim of a “credential stuffing” attack, according to reports, with accounts being stolen and sold online. The website Bleeping Computer reported that accounts sell for $2 to $200. In credential stuffing, stolen credentials are used to log in to other services.

In a letter to affected customers filed with the California Attorney General’s office, Chick-fil-A said that an “unauthorized party” launched automated attacks against its website and mobile app between December 18, 2022 and February 12, 2023, using account credentials such as email addresses and passwords. The account credentials were obtained from a third-party source, the company said.

“This information may include your name, email address, Chick-fil-A One membership number and mobile payment number, QR code, masked credit/debit card number, and Chick-fil-A credit amount (for example, e-gift card balance) in your account (if any),” the company added. “In addition, if saved to your account, the information may include your month and birthday, phone number, and address. Importantly, unauthorized parties may only see the last four digits of your payment card number.”


Chick-fil-A said that, immediately upon learning of the incident, the customer was asked to reset their password, delete all stored credit/debit card payment methods, and temporarily freeze funds previously loaded into the customer’s Chick-fil-A One account. “We also restore a customer’s Chick-fil-A One account balance, which may include a refund to your original form of payment, where applicable,” the company said.

The company also urges affected customers to reset their passwords, if they haven’t already done so, and adopt a new, strong and unique password for Chick-fil-A. The restaurant chain also makes information available on its website for customers who notice suspicious activity on their accounts.

Customers with questions about the incident or their account can contact Chick-fil-A at this toll-free number: (833) 753-4428.

Privacy experts urge Chick-fil-A subscribers to be on the lookout for scams. “Bad actors must have harvested a lot of customer info in these breaches, taking more than enough information to facilitate many phishing schemes,” said Chris Hauk, consumer privacy advocate at the website Pixel Privacy. “Chick-fil-A customers should remain vigilant against phishing emails, texts, and phone calls.”

“This incident underscores the need to set a unique password for each of your online accounts,” said Paul Bischoff, privacy advocate at privacy information website Comparitech. “If you reuse the same password across multiple accounts and one of them gets compromised, they can all be compromised.”

Bischoff urges customers to use a password manager if they can’t remember a unique password and enable two-factor authentication on their Chick-fil-A account.


(END) Dow Jones Newswires

03-03-23 1700ET

Copyright (c) 2023 Dow Jones & Company, Inc.
