Chick-fil-A says customer data may have been cracked
The new year is bringing new security breaches.
Chick-fil-A said it's reviewing "potential unusual activity involving payment cards" that were used at some of its restaurants. While the company said it's working with IT security firms, law enforcement and payment industry contacts to investigate, it didn't disclose when or where the breach may have happened.
Security experts have cautioned that this year may prove to be lucrative hunting grounds for scam artists, given a new security standard that will go into effect in October that will make cards harder to hack. In the meantime, criminals may be doubling down on efforts to breach security systems, with about four out of 10 companies reporting a data breach within the last year.
Chick-fil-A said the suspicious activity appeared to stem from a few of its restaurants. The company told CBS MoneyWatch in an email that it had "no further updates."
In its statement, the company said that customers won't be liable for any fraudulent charges, if a security breach is discovered. "Any fraudulent charges will be the responsibility of either Chick-fil-A or the bank that issued the card," the company said.
Brian Krebs, a security blogger, wrote on his KrebsonSecurity blog that he started hearing about possible compromised systems at Chick-fil-A in November, "but the reports were spotty at best."
"Then, just before Christmas, one of the major credit card associations issued an alert to several financial institutions about a breach at an unnamed retailer that lasted between Dec. 2, 2013 and Sept. 30, 2014," he noted. "One financial institution that received that alert said the bank had nearly 9,000 customer cards listed in that alert, and that the only common point-of-purchase were Chick-fil-A locations."
The possible security breach may be linked to Chick-fil-A locations in Georgia, Maryland, Pennsylvania, Texas and Virginia, Krebs wrote.
While Chick-fil-A investigates, customers should monitor their cards for suspicious activity and report any to their banks.
Checking your card activity daily is recommended by security experts, since this allows consumers to keep an eye on unusual activity. One type of charge to be on the lookout for is the "microcharge," or small amounts of $1 or $2 that are used by hackers to test whether a card is active, which allows them to sell the cards to other crooks for higher prices. Because of that, it's important to report even small yet suspicious charges to your bank.
Chick-fil-A said that if customers are impacted, the company will arrange for free credit monitoring and identity protection services. Customers can also call (855)-398-6439 for additional support or information.