Update: 3:30 p.m. ET: On April 27, four months after initially announcing a potential data breach, Chick-fil-A confirmed that their customer data has never been stolen or compromised. Chick-fil-A has since closed their investigation.
The restaurant chain learned of “limited suspicious payment card activity appearing to originate from payment cards used at a few of our restaurants,” Chick-fil-A stated in a press release on December 31, 2014.
The investigation comes after several U.S. financial institutions noticed a pattern of credit card fraud linked to some of the restaurant’s customers.
While Chick-fil-A acknowledges the breach and is currently working with IT security firms, law enforcement and members of the payment card industry, the company has not released any information as to the size and scope of the attack.
Security expert Brian Krebs was first to report the potential attack following correspondences with various financial institutions. After speaking with one source, Krebs believes that while the breach is nationwide, the bulk of the attacks appear to be concentrated in Georgia, Maryland, Pennsylvania, Texas and Virginia.
His source goes on to further explain the direct impact to their financial institution. They explain that they their bank was alerted to approximately 9,000 of their customers’ credit cards potentially being compromised — impacting more customers than the December 2013 Target data breach.
“In that respect, it would be much like the breaches first reported in this blog earlier this year at other fast food chains—Dairy Queen and Jimmy Johns,” Krebs stated. “In both of those breaches, the stores impacted were franchises that outsourced the management of their point-of-sale systems to specific third party companies.”
Chick-fil-A customers are urged to check their bank statements for unusual payment card activity. In its press release, Chick-fil-A reassured customers that they would not be held liable for fraudulent charges. The company states that impacted customers will be offered identity theft services.
The views and opinions expressed in this article are those of EZShield Inc. alone and do not necessarily reflect the opinions of any other person or entity, including specifically any person or entity affiliated with the distribution or display of this content.