Chick-fil-A Investigating Breach Reports

David H. Lipman


Atlanta-based fast-food chain Chick-fil-A says it is working with law enforcement and a leading IT security firm to investigate whether its point-of-sale network has been breached.

In a Dec. 30 statement, which Chick-fil-A posted on its website Dec. 31, the chain says it has recently received reports of potential unusual activity involving payment cards used at a few of its restaurants.

"We want to assure our customers we are working hard to investigate these events and will share additional facts as we are able to do so," Chick-fil-A states. "If the investigation reveals that a breach has occurred, customers will not be liable for any fraudulent charges to their accounts - any fraudulent charges will be the responsibility of either Chick-fil-A or the bank that issued the card. If our customers are impacted, we will arrange for free identity protection services, including credit monitoring."

Suspicious Activity

The news comes just one week after some card issuers and a security expert told Information Security Media Group they suspected a common link between suspicious activity and payment cards recently used at some Chick-fil-A locations.

One security source, who asked not to be named, told ISMG on Dec. 22 that MasterCard had issued a fraud alert on Dec. 19 about a merchant that may have been breached sometime between December 2013 and September of this year. Many issuers suspected the merchant to be Chick-fil-A or its payments processor, Charge Anywhere, which in early December confirmed a breach of its network linked to malware.

Neither Chick-fil-A nor MasterCard would comment about that alert, but the source who spoke with ISMG said the alleged compromise of Chick-fil-A appeared to be sporadic. One card issuer in the Northeast reportedly had more than 8,000 cards impacted, while other issuers had fewer than 10 cards affected, the source said.

"It could be a segment or set of franchises, because the number of compromised cards they received was pretty low and they would typically receive a lot more cards by now," the source told ISMG on Dec. 23. "It's really a wild card for now."

One executive with a banking institution based in the Southeast, who also asked not to be named, says considerable fraud linked to Chick-fil-A first surfaced over the summer. But this executive says the fraud at Chick-fil-A is likely linked to a breach of the chain's processor, Charge Anywhere, not a POS attack targeted solely at the fast-food chain.

"I have reviewed the list from MasterCard on the processor breach and it does include Chick-fil-A and Dairy Queen, plus numerous other merchants," the executive says. "One of the merchants is a local fruit market that we have suspected since 2007, but were never able to prove. This tells me that this was a breach at the processor, Charge Anywhere, and probably goes back even further than they are saying. They have indicated 2009, but I suspect at least 2007. It is really difficult to pinpoint a common point of compromise when a processor is involved, but this list solves many old unsolved cases for us."

In October, Dairy Queen confirmed a breach of its POS network that affected 395 of its 4,500 franchised U.S. locations.

Charge Anywhere confirmed earlier this month that its network had been compromised by malware, but the company reported that the breach only dated back to 2009.

On Dec. 30, a Charge Anywhere spokesman told ISMG: "We haven't got much information about the investigation and the status of that investigation right now."





Chick-fil-A customers report fraudulent activity on the chain’s app



Chick-fil-A is investigating reports of fraudulent activity on its mobile app after several customers claim their data was hacked.

Chick-fil-A is investigating reports of fraudulent activity on its mobile app after several customers claim their data, including bank account information, was accessed by hackers.

The chain tweeted a statement claiming that the activity is “not due to a compromise of Chick-fil-A Inc.’s internal systems,” adding that it is working quickly to protect customers’ data. The alleged breach was initially reported by Atlanta news station 11Alive after several customers posted about their experience on a Facebook page called Paulding County Uncensored. Paulding County is part of the Atlanta metropolitan area, where Chick-fil-A is headquartered. There are now over 100 comments related to suspicious activity.

Chick-fil-A’s app has more than 10 million downloads on Google Play and is ranked as the No. 7 most downloaded food and beverage app on Apple’s app store, behind just McDonald’s, Starbucks and Chipotle in the restaurant category.

As consumers – and businesses – become more digital, data breaches have skyrocketed. In Q3 2022, for instance, data breaches globally were up by 70% year-over-year, according to cybersecurity company Surfshark. In the U.S., they were up 14% in Q1 2022 versus the same period in 2021, according to the Identity Theft Resource Center. Restaurants and restaurant-adjacent companies have not been immune. McDonald’s was hit by a data breach in 2021, for instance, while DoorDash’s recent breach affected nearly 5 million people.


Edited by David H. Lipman
Edited for content, clarity, spelling and/or grammar