Church’s Chicken company-owned restaurants experience data breach

U.S. fast-food chain Church’s Chicken has warned its customers of a possible data breach in its system. In a security notice on the organization’s website, Church’s Chicken states that a network breach was found near the end of October and specifically affects company restaurants. As a result, the following took place according to the report:

Our company immediately retained a leading cybersecurity forensics firm, to help us contain and remediate the activity, and launch an investigation to determine the extent to which information in Church’s systems may have been impacted. In addition, we are continuing to cooperate with federal law enforcement and have notified payment card networks and credit monitoring agencies.

According to the security notice, only company Church’s Chicken locations were affected by the data breach due to “multiple payment processing systems” that the company employs. The breach is localized, at least at the time of this article’s writing, to 11 states: Alabama, Arkansas, Florida, Georgia, Illinois, Louisiana, Mississippi, Missouri, South Carolina, Tennessee, and Texas. This is due to the fact that Church’s Chicken asserts that “none of our franchised locations” were accessed in the breach. On the other hand, however, the investigation is not finished so it seems a bit premature to assume that breaches are not elsewhere. The company did not say how many restaurants were impacted by the data breach.

In the FAQ section of the notice, Church’s Chicken assures customers that they are safe to use credit cards at their establishments as they have “already taken steps to contain and remediate the incident, and our investigation has confirmed that any previous unauthorized third-party access is not ongoing.” Though the company is certain that no customer data has been accessed, they also state that bank statements should be monitored. Additionally, customers who order through delivery services like DoorDash, GrubHub, and others are not at risk because their payments are processed in systems belonging to those respective companies.

Featured image: Flickr / Steve Baker

Derek Kortepeter

Derek Kortepeter is a graduate of UCLA and tech journalist that is committed to creating an informed society with regards to Information Security. Kortepeter specializes in areas such as penetration testing, cryptography, cyber warfare, and governmental InfoSec policy.

Published by
Derek Kortepeter

Recent Posts

WordPress vulnerability puts 300,000 at risk for attack

A WordPress vulnerability that could affect 300,000 users has been identified and patched. By if admins don’t update, they remain…

59 mins ago

PowerShell jobs — because you have better things to do than wait

If you run PowerShell commands that take a while to complete, consider using PowerShell jobs, which will allow the command…

4 hours ago

Validating virtual networks rules in a Storage Account using PowerShell

Here’s a TechGenix Quick Tip on how to use PowerShell to retrieve a list of virtual network rules in a…

20 hours ago

Dell launches selection of new PCs, displays, and software

A line of new Dell PCs, with innovative tech capabilities like AI and 5G, are aimed at both personal and…

1 day ago

Exchange 2010 upgrade: Migrate or export mail to PST and start fresh?

If you’re on Exchange 2010, you will have to upgrade soon. And while starting from scratch with a new 2016…

1 day ago

How to repair PST files and import data back to Outlook or Office 365

If your business relies on Outlook, you can’t risk losing mailbox data because of PST files corruption. Here’s how to…

4 days ago