Chick-fil-A Latest To Suffer Security Breach, At Least 9,000 Credit Cards Affected
"We want to assure our customers we are working hard to investigate these events and will share additional facts as we are able to do so," Chick-fil-A said in a statement. "If the investigation reveals that a breach has occurred, customers will not be liable for any fraudulent charges to their accounts --- any fraudulent charges will be the responsibility of either Chick-fil-A or the bank that issued the card. If our customers are impacted, we will arrange for free identity protection services, including credit monitoring."
Security outfit KrebsOnSecurity said it's heard from "several U.S. financial institutions" that they've been able to trace a pattern of credit card fraud back to accounts that all were used at different Chick-fil-A locations around the country. One of the banks said it received an alert with nearly 9,000 customers cards listed on it, with Chick-fil-A being the only common point of purchase.
"It's crazy because 9,000 customer cards is more than the total number of cards we had impacted in the Target breach," the source told KrebsOnSecurity, speaking on the condition of anonymity.
Chick-fil-A said it first learned of the "unusual activity" on December 19, 2014. The chain is keeping mum on whether any other information may have been compromised in the breach, saying that it's investigation is ongoing and that "it would be premature" to comment any further.