Chick-fil-A announces app data breach, tells customers how to protect personal information

CHARLOTTE — On Friday morning, Chick-Fil-A released a statement about a data breach on their mobile app.

In their statement, the restaurant said the data breach concerned the personal information of app users. The company also provided details about the breach, measures that were taken as a response, and a list of resources to help customers.

The restaurant says they noticed weird login activity on a specific Chick-fil-A One account. They then took steps to stop any more unauthorized activity, began an investigation, and contacted a national forensics firm.

After the investigation, Chick-fil-A learned that a cyber attack had been launched on their website and app between December 2022 and February of this year. The attack was launched using email addresses and passwords from a third-party source.

Through the investigation, the restaurant learned that the information taken from customers included names, email addresses, and Chick-fil-A membership numbers, mobile payment numbers, QR codes, masked credit or debit card numbers, any money on your personal Chick-fil-A account, and other personal information. Chick-fil-A said that the unauthorized parties could only see the last four numbers of whatever card was used to pay.

The company has taken and is currently taking other measures to protect its customers’ personal information, like removing saved credit card information, sending alerts to customers to reset their passwords, and temporarily freezing money in certain customers’ accounts. The restaurant also reimbursed mobile accounts that were impacted by the cyber attack.

Chick-fil-A finished their statement by saying they’re increasing their online security, monitoring, and fraud control but also encouraging their customers to keep track and use strong passwords to make their accounts less vulnerable to these attacks.

(WATCH BELOW: Charlotte City Council approves drive-thru only Chick-fil-A in Cotswold)