Kentucky Fried Chicken UK has admitted that a small number of its customers may have had their personal details stolen after members of the Colonel’s Club loyalty system were recently targeted.
The fast food giant sent warning emails to the 1.2 million members of the club as a precaution, urging them to change their account log-ins as well as their credentials on any other sites where they used the same passwords.
No card details are thought to be stored as part of the scheme, which customers can sign up to in order to start collecting Chicken Stamps to earn free food rewards.
However, hackers could use personal account details to craft convincing phishing messages designed to harvest more personal and financial information from individuals, or try the stolen credentials against other online accounts where members may have reused them.
KFC UK appears not to have put a statement about the incident on its site. But it released the following in a bid to reassure customers:
“We take the online security of our fans very seriously, so we’ve advised all Colonel’s Club members to change their passwords as a precaution, despite only a small number of accounts being directly affected. We don’t store credit card details as part of our Colonel’s Club rewards scheme, so no financial data was compromised.”
The news follows a spate of data breach incidents, ranging from the compromise of 86 million Dailymotion accounts at the start of the month to news that 25,000 customers of UK lender Charter Savings Bank could be at risk.
In the fast food space, delivery firm Deliveroo has also come in for criticism after its fraud filters failed to spot that hackers had hijacked user accounts and run up huge bills.
In that case, however, it’s claimed the attackers used credentials obtained from a breach at another company where the customers had used the same log-ins.
Tripwire recently claimed that only a quarter of US firms can effectively detect and respond to breaches.