Finger-lickin' hack: KFC loyalty card scheme breached
Colonel's Club members advised to reset their passwords following attacks
KFC fans may be spitting feathers today, after the fried chicken franchise admitted its UK loyalty card programme has been hacked.
The 1.2 million members of the Colonel's Club - which allows customers to earn points and rewards through repeated visits to the chain's locations - were informed that the system had been compromised, and that they should change their passwords for the service along with any accounts that shared it.
Just 30 user passwords were targeted, the Colonel said, adding that the incident was not a major hack. A KFC representative was also quick to point out that no payment information was put at risk.
"We take the online security of our fans very seriously, so we've advised all Colonel's Club members to change their passwords as a precaution, despite only a small number of accounts being directly affected," Brad Scheiner, head of IT at KFC UK & Ireland, said in a statement emailed to IT Pro. "We don't store credit card details as part of our Colonel's Club rewards scheme, so no financial data was compromised."
KFC is also set to introduce improved security measures, according to reports.
Cloud security firm CensorNet's CEO, Ed Macnair, said: "While the cause of the hack has still not been confirmed, the whole incident reveals a lack of cybersecurity hygiene. Prevention is always better than cure, but at least the Colonel's more senior employees have since promised to introduce additional security measures to safeguard customer accounts.
"For the 1.2 million Colonel's Club customers who may have been affected, as well as changing passwords for the KFC site, we'd recommend adopting a decent password manager that generates complex passwords that are extremely difficult to crack."
What you need to know about migrating to SAP S/4HANA
Factors to assess how and when to begin migrationDownload now
Your enterprise cloud solutions guide
Infrastructure designed to meet your company's IT needs for next-generation cloud applicationsDownload now
Testing for compliance just became easier
How you can use technology to ensure compliance in your organisationDownload now
Best practices for implementing security awareness training
How to develop a security awareness programme that will actually change behaviourDownload now