Digital Forensics Dispatch

Chick-fil-A Suffers Cyber Attack, Customer Data Affected

March 7, 2023

According to a recent article on Darkreading.com, Chick-fil-A, the popular fried chicken fast food chain, has revealed that it suffered a credential stuffing attack that affected over 71,000 of its customers.

The attack occurred over several months, between December 18, 2022, and February 12, 2023, with attackers using automated techniques to test username-password combinations sourced from third-party data breaches. The stolen data used for the attacks was likely gathered or even purchased from sources on the dark web to be used in this attack against the Chick-fil-A site.  The information included customer names, email addresses, membership numbers, mobile pay numbers, and masked credit or debit card numbers.

The chain has undertaken a forensic review and initiated steps to mitigate the impact of the attack, such as removing stored payment methods and temporarily freezing account balances. The company has also added rewards to affected customers’ accounts as a gesture of goodwill.  Chick-fil-A has also recommended that customers reset their passwords and use unique and strong passwords. Credential stuffing attacks have become more common as stolen credentials are readily available on the dark web.

Email:    Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensic