Possible Card Breach at Some Chick-fil-A's Locations
Several United States banks say they've detected credit- and debit-card fraud relating to a new data breach. Though it's not yet confirmed where this data breach might have occurred, fast food chain Chick-fil-A is the most likely source, reports independent security journalist Brian Krebs.
The breach under investigation appears to have lasted between December 2, 2013 and September 30, 2014. Chick-fil-A says it's currently investigating these findings.If you believe you may have been affected, read on to find out what to do in the case of this or any data breach.
MORE: 10 Simple Tips to Avoid Identity Theft
In November 2014, rumor had it that payment systems at Chick-fil-A locations had been compromised, Krebs said in a blog post, but at the time the accounts were spotty and unverified.
Now, however, several banks say they have been investigating a rash of credit- and debit-card fraud pertaining to a data breach, and the common denominator in the case is that all the affected cards were used at Chick-fil-A locations, mostly in Georgia, Maryland, Pennsylvania, Texas and Virginia.
One unnamed bank told Krebs that over 9000 of its customers' payment cards have been impacted in this data breach, which is more than the number of its cards that were impacted in the infamous Target breach of 2013.
One bank's account isn't enough to give a full picture of how large this data breach might be. Krebs suspects that only certain Chick-fil-A locations were compromised, similar to the recent Goodwill breach. In such cases, the malware used to steal payment card data from a retail company's point-of-sale machines enters via a compromised third-party with which the retailer has contracted.
Chick-fil-A has yet to confirm a breach, but it did release a statement:
“Chick-fil-A recently received reports of potential unusual activity involving payment cards used at a few of our restaurants. We take our obligation to protect customer information seriously, and we are working with leading IT security firms, law enforcement and our payment industry contacts to determine all of the facts.”
"Point-of-sale compromises have come to define 2014," Krebs said on his blog, noting that in August the United States FBI issued an advisory about a type of point-of-sale malware called Backoff, which had been used against more than 1000 US companies since October 2013.
If you believe you may be impacted in this breach, you should check your account for any suspicious or unrecognized activity. If you find anything, report it immediately to the institution that issued the card.
Jill Scharr is a staff writer for Tom's Guide, where she regularly covers security, 3D printing and video games. You can follow Jill on Twitter @JillScharr and on Google+. Follow us @tomsguide, on Facebook and on Google+.
Copyright 2015 Toms Guides , a TechMediaNetwork company. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.
