cyber Breach

Chick-fil-A Restaurants

Oct 8, 2023 1 min read
Chick-fil-A Restaurants

American fast food business Chick-fil-A reported that a campaign of credential stuffing resulted in the compromising of the accounts of over 71000 users.

The business conducted an investigation into the incident with the aid of a forensic agency as soon as it became aware of the attack and took action to stop any additional unauthorized activities.

If the users had stored their phone numbers and addresses in their accounts, those details may have also been revealed, along with the month and day of their birthdays.

The business noted that the customer's credit card number's final four digits would have been all that were visible to unauthorized individuals.

Source: https://securityaffairs.com/143051/data-breach/credential-stuffing-chick-fil-a.html

TPRM report: https://scoringcyber.rankiteo.com/company/chick-fil-a-restaurants

"id": "chi183381023",
"linkid": "chick-fil-a-restaurants",
"type": "Breach",
"date": "03/2023",
"severity": "50",
"impact": "2",
"explanation": "Attack limited on finance or reputation"
{'affected_entities': [{'customers_affected': 71000,
                        'industry': 'Food and Beverage',
                        'name': 'Chick-fil-A',
                        'type': 'Fast Food Business'}],
 'attack_vector': 'Credential Stuffing',
 'data_breach': {'number_of_records_exposed': 71000,
                 'personally_identifiable_information': ['Phone numbers',
                                                         'Addresses',
                                                         'Partial birthdates'],
                 'sensitivity_of_data': 'Medium',
                 'type_of_data_compromised': ['Phone numbers',
                                              'Addresses',
                                              'Partial birthdates',
                                              'Last four digits of credit card '
                                              'numbers']},
 'description': 'Chick-fil-A reported a credential stuffing campaign that '
                'compromised over 71,000 user accounts. Personal information, '
                'including phone numbers, addresses, and partial birthdates, '
                'may have been exposed. The last four digits of credit card '
                'numbers were also visible to unauthorized individuals.',
 'impact': {'data_compromised': ['Phone numbers',
                                 'Addresses',
                                 'Partial birthdates',
                                 'Last four digits of credit card numbers']},
 'response': {'containment_measures': 'Stopped unauthorized activities',
              'third_party_assistance': ['Forensic Agency']},
 'title': 'Chick-fil-A Credential Stuffing Campaign',
 'type': 'Credential Stuffing'}
Published by
Roshni Ray
Roshni Ray
You might also like
Ransomware cyber

IdeaLab

public 1 min read
IdeaLab, a California-based technology startup incubator, experienced a data breach in October 2024 where hackers accessed sensitive information. The Hunters…
Jeremy C Jeremy C
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.