Chick-fil-A Investigates Potential Payment Card Breach


Update: 3:30 p.m. ET: On April 27, four months after initially announcing a potential data breach, Chick-fil-A confirmed that their customer data has never been stolen or compromised. Chick-fil-A has since closed their investigation.

Screen Shot 2015-01-02 at 11.47.33 AMChick-fil-A, Inc. is beginning an investigation into reports that the U.S. fast food franchise may have had customer payment card information compromised at some of their 1,850 restaurants.

The restaurant chain learned of “limited suspicious payment card activity appearing to originate from payment cards used at a few of our restaurants,” Chick-fil-A stated in a press release on December 31, 2014.

The investigation comes after several U.S. financial institutions noticed a pattern of credit card fraud linked to some of the restaurant’s customers.

While Chick-fil-A acknowledges the breach and is currently working with IT security firms, law enforcement and members of the payment card industry, the company has not released any information as to the size and scope of the attack.

Security expert Brian Krebs was first to report the potential attack following correspondences with various financial institutions. After speaking with one source, Krebs believes that while the breach is nationwide, the bulk of the attacks appear to be concentrated in Georgia, Maryland, Pennsylvania, Texas and Virginia.

His source goes on to further explain the direct impact to their financial institution. They explain that they their bank was alerted to approximately 9,000 of their customers’ credit cards potentially being compromised — impacting more customers than the December 2013 Target data breach.

“In that respect, it would be much like the breaches first reported in this blog earlier this year at other fast food chains—Dairy Queen and Jimmy Johns,” Krebs stated. “In both of those breaches, the stores impacted were franchises that outsourced the management of their point-of-sale systems to specific third party companies.”

Chick-fil-A customers are urged to check their bank statements for unusual payment card activity. In its press release, Chick-fil-A reassured customers that they would not be held liable for fraudulent charges. The company states that impacted customers will be offered identity theft services.

The views and opinions expressed in this article are those of EZShield Inc. alone and do not necessarily reflect the opinions of any other person or entity, including specifically any person or entity affiliated with the distribution or display of this content.

John is General Counsel and Chief Privacy Officer of Sontiq, the parent company of the EZShield and IdentityForce brands. He is a Certified Compliance...
Read more about John Burcham.


  1. Reducing credit card fraud starts with the human element – specifically – with comprehensive security awareness training. While companies often spend untold sums of money on the latest and greatest hardware and software products, they fail to recognize the importance of training and educating employees on security issues, threats, and best practices. There are a multitude of programs available online, many for free, so there’s really no excuse. Want to stay in business, then protect cardholder data by training your employees on important security issues and threats – it’s really that simple.

    From a personal perspective, individuals just need to be very careful as to who they give their cardholder data information to, and watch out for fraudulent charges, which means reviewing monthly statements and looking for any anomalies.


Leave a Comment.