X

Chick-fil-A Confirms Data Breach On Their App As Customers Report Losing Hundreds Of Dollars

April 11, 2023 by Alana Valko

 
SheFinds Photography

Chick-fil-A has made a name for itself in chicken sandwiches and extremely friendly customer service, but the chain might become less favored as customers have been impacted by a data breach. The chicken chain confirmed that customer accounts were hacked as a result of the breach, resulting in stolen personal information including bank information. The chicken chain announced that nearly 71,000 customers were impacted by the hack which happened over the course of two months. Now, the chain’s backtracking to try and save customer data, but some of it may already be compromised. See if you are impacted:

READ MORE:

Chick-fil-A Is Reportedly Axing Side Salads And Customers Are ‘Bummed’ About It

Chick-fil-A Just Dropped A New Lemonade Flavor And Customers Are Freaking Out—’I’m So Excited’

What Happened In The Chick-fil-A Data Breach?

According to a statement released by the chain notifying customers of the attack, Chick-fil-A determined that unauthorized parties launched an automated attack against their website and mobile application between December 18, 2022, and February 12, 2023.

The hackers accessed Chick-fil-A One accounts (the restaurant's rewards and membership program) using account credentials (e.g., email addresses and passwords) obtained from a third-party source. The hackers reportedly stole customers' names, email addresses, masked credit/debit card numbers, and Chick-fil-A One membership information, like member numbers, and Chick-fil-A credit, like gift cards. If members saved their birthdates, phone number, and address to their accounts, this information could have also been compromised.

The chain noted that unauthorized parties would not have retrieved full credit card numbers and only would have been able to view the last four digits of payment numbers.

Chick-fil-A Customers Report Losing 'Hundreds' Of Dollars After Hack

Still, customers reported back in January that they had hundreds of dollars stolen as hackers accessed their accounts, bought gift cards, and changed the email address on the account so customers would not be notified.

One user on Twitter wrote, "I just had 50 dollars stolen from me by someone in Atlanta, GA for a Chick-fil-A mobile order," and later updated the tweet by quoting, "My account was somehow hacked. The person changed the email on the account and that’s why I didn’t get a notification from Chick-fil-A themselves. They bought a mobile gift card. I found out when I went to delete my account." They added, "Won’t be supporting this restaurant anymore."

Another customer replied to the tweet writing, "This just happened to me too they loaded $200 and changed the email. It’s also happening to so many people it seems like they had a breach." They added, "My boyfriend's account was also hacked."

Both customers reported the incidents to the restaurant in January, but the chain did not discover the attacks until February. One of the customers noted they lost access to their debit card and had to order a completely new card with a new number. They warned customers to "remove their card" from the Chick-fil-A app.

READ MORE: Chick-fil-A Just Announced A Change To Their Rewards Program–Customers Take Note

Am I Affected By The Chick-fil-A Data Breach?

If you had a Chick-fil-A One account or used the restaurant's mobile application from you December 18, 2022, to February 12, 2023, your personal information may have been compromised.

The fast-food chicken chain reported that they "immediately took action" once they discovered the incident in February, which included requiring customers to reset passwords, removing any stored credit/debit card payment methods, and temporarily freezing funds previously loaded onto customers’ Chick-fil-A One accounts.

The chain reportedly restored account balances, which may have included refunds to the original form of payment. To rectify some pain caused, they also added rewards to accounts. Chick-fil-A reports that they are continuing to "enhance security, monitoring, and fraud controls" to prevent attacks like this from happening again.

How Can I Protect My Personal Information Against The Chick-fil-A Data Breach?

It may be too late to retrieve back what was already stolen, but you can protect your account from further attacks or unauthorized access attempts by resetting your account password. Chick-fil-A recommends customers reset their passwords "as soon as possible" if not already done. They suggest using a strong, unique password not used for other accounts. Or, if you're wary of Chick-fil-A's future security, you can delete your account to ensure it doesn't happen again.

What's Next After The Chick-Fil-A Data Breach?

According to JD Supra, a legal intelligence website, a class action suit was already filed against Chick-fil-A in a federal district court in Georgia on March 6 over the chain's “reckless” and “negligent” cybersecurity practices. There are two plaintiffs on the case, but they seek to represent anyone "similarly situated" and impacted by the breach.

Few states currently have data privacy laws in place that allow breach victims the right to act against them, but some consumers are pursuing complaints under the Federal Trade Commission Act and as violations of the Deceptive Trade Practices Acts.

But, as noted by JD Supra, states are beginning to bring legislation to the table to protect consumers. "California recently passed the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act which provide for a private right of action for the victims of a data breach," they said. "New York has a number of bills pending that may expand its laws surrounding data privacy and data breaches."

Consumers should continue to stay vigilant with the information they share online—utilizing two-factor and ensuring that you don't repeat passwords is just a start—but companies should continually protect data and advance security measures, especially as data breaches become more and more common.

Load more...