ktsdesign - Fotolia
KFC has confirmed that data belonging to members of its Colonel’s Club card loyalty scheme may have been compromised after its website was targeted by hackers.
The fast food chain said it is advising all 1.2 million members of the loyalty scheme to change their passwords as a precaution, despite the details of only about 30 of them being initially targeted by the hack.
“Our monitoring systems have found a small number of Colonel’s Club accounts may have been compromised as a result of our website being targeted,” the company wrote in an email to customers.
“While it’s unlikely you have been impacted, we advise that you change your password as a precaution. If you use the same email address and password across other services, you should also reset them, just to be safe.”
The loyalty card scheme allows members to collect stamps for each KFC purchase they make that can be exchanged for free food items and money-off rewards.
The company has further moved to reassure its loyalty scheme members that no credit card details are stored alongside their details, so there is no risk of their financial data being compromised because of the breach.
In a statement to ITV News, Brad Scheiner, head of IT at KFC UK and Ireland, said: “We take the online security of our fans very seriously, so we have advised all Colonel’s Club members to change their passwords as a precaution, despite only a small number of accounts being directly affected.”
Read more about cyber security
- Global confidence in ability to accurately assess cyber risk has fallen in the past year, but the UK has fallen below the global average.
- NCSC technical director Ian Levy details some of the initiatives being pursued as part of its Active Cyber Defence Programme.
Ilia Kolochenko, CEO and founder of security firm High-Tech Bridge, commended KFC on its “mature and professional” handling of the breach, given how quickly it has moved to make customers aware of it.
“Not only [has KFC] managed to detect the incident in time, evaluate the scope of the breach, but has also notified the affected customers in a direct and transparent manner,” he said.
“In the light of recent mega-breaches, when tens of millions of customers were informed about tremendous data leaks months after they had actually occurred, KFC serves a good example of incident management and response.”