Chick-fil-A, the Georgia-based fast food restaurant chain, announced on January 2, 2015 that it is investigating a potential data breach involving customer payment cards.
The sandwich chain was notified of suspicious card activity by its payment industry contacts on December 19, 2014. For two weeks, Chick-fil-A has been working with relevant authorities to fully understand the extent of the problem. It is currently unknown how many restaurants or how many customers have been affected.
Chick-fil-A has contacted federal law enforcement about this possible data breach and will arrange free identity protection services for any affected customers. All customers are advised to regularly monitor their card accounts and check for suspicious activity.
All organizations that store, transmit, or process payment cardholder data must comply with the Payment Card Industry Data Security Standard (PCI DSS). Among other things, it requires merchants and member service providers (MSPs) to:
- Build and maintain a secure IT network
- Protect cardholder data
- Maintain a vulnerability management program
- Implement strong access control measures
- Regularly monitor and test networks
- Maintain an information security policy
Failure to comply with the PCI DSS can result in severe fines.
It is not yet known whether responsibility for the data breach lies with Chick-fil-A or a third-party vendor involved with the payment data.