Finger-lickin' hack: KFC loyalty card scheme breached

Colonel's Club members advised to reset their passwords following attacks

KFC fans may be spitting feathers today, after the fried chicken franchise admitted its UK loyalty card programme has been hacked.

The 1.2 million members of the Colonel's Club - which allows customers to earn points and rewards through repeated visits to the chain's locations - were informed that the system had been compromised, and that they should change their passwords for the service along with any accounts that shared it.

Just 30 user passwords were targeted, the Colonel said, adding that the incident was not a major hack. A KFC representative was also quick to point out that no payment information was put at risk.

"We take the online security of our fans very seriously, so we've advised all Colonel's Club members to change their passwords as a precaution, despite only a small number of accounts being directly affected," Brad Scheiner, head of IT at KFC UK & Ireland, said in a statement emailed to IT Pro. "We don't store credit card details as part of our Colonel's Club rewards scheme, so no financial data was compromised."

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

KFC is also set to introduce improved security measures, according to reports.

Cloud security firm CensorNet's CEO, Ed Macnair, said: "While the cause of the hack has still not been confirmed, the whole incident reveals a lack of cybersecurity hygiene. Prevention is always better than cure, but at least the Colonel's more senior employees have since promised to introduce additional security measures to safeguard customer accounts.

"For the 1.2 million Colonel's Club customers who may have been affected, as well as changing passwords for the KFC site, we'd recommend adopting a decent password manager that generates complex passwords that are extremely difficult to crack."

Featured Resources

What you need to know about migrating to SAP S/4HANA

Factors to assess how and when to begin migration

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

Testing for compliance just became easier

How you can use technology to ensure compliance in your organisation

Download now

Best practices for implementing security awareness training

How to develop a security awareness programme that will actually change behaviour

Download now
Advertisement

Most Popular

Visit/policy-legislation/data-governance/354496/brexit-security-talks-under-threat-after-uk-accused-of
data governance

Brexit security talks under threat after UK accused of illegally copying Schengen data

10 Jan 2020
Visit/operating-systems/microsoft-windows/354526/memes-and-viking-funerals-the-internet-reacts-to-the
Microsoft Windows

Memes and Viking funerals: The internet reacts to the death of Windows 7

14 Jan 2020
Visit/network-internet/broadband/354530/openreach-offers-free-full-fibre-installation-for-thousands-of
broadband

Openreach offers free full-fibre installation for thousands of homes

14 Jan 2020
Visit/security/vulnerability/354524/microsoft-to-patch-extraordinarily-serious-cryptographic-flaw
vulnerability

Microsoft to patch ‘extraordinarily serious’ cryptographic flaw

14 Jan 2020