Fast-food chain Chick-fil-A has issued a warning to customers regarding a recent data security breach. The incident occurred between Dec. 18, 2022 and Feb. 12, 2023, during which unauthorized parties gained access to customer information, according to a statement posted on the California Attorney General’s website on Tuesday.
The company issued a notice to all of its customers, alerting them to the security incident while sharing details about the type of information that may have been accessed. The statement says that the unauthorized parties launched an automated attack against Chick-fil-A’s website and mobile application, using account credentials or email addresses and passwords obtained from a third-party source.
Chick-fil-A stated in the notice that the information that may have been accessed included names, email addresses, Chick-fil-A One membership numbers and mobile pay numbers, QR codes, masked credit/debit card numbers, and the amount of Chick-fil-A credit on customers’ accounts.
Additionally, the information may have included the month and day of the customer’s birthday, phone numbers, and addresses depending on whether or not you included that in your account information.
However, only the last 4 digits of customers’ cards were visible during the incident. The hackers were unable to get complete credit card information from customers.
The company required customers to reset their passwords, removed all stored payment methods, and freeze funds loaded onto customers’ accounts. Chick-fil-A also restored customers’ account balances and added rewards to show appreciation for customer loyalty. The company confirmed that it is continuing to enhance its security systems and fraud controls to minimize potential risks in the future.
Chick-fil-A has advised its customers to change their passwords immediately and to choose a strong, unique password. It also urged customers to remain vigilant against identity theft and fraud by regularly reviewing their credit reports and account statements to ensure that all activity is valid.