Church’s Chicken company-owned restaurants experience data breach

U.S. fast-food chain Church’s Chicken has warned its customers of a possible data breach in its system. In a security notice on the organization’s website, Church’s Chicken states that a network breach was found near the end of October and specifically affects company restaurants. As a result, the following took place according to the report:

Our company immediately retained a leading cybersecurity forensics firm, to help us contain and remediate the activity, and launch an investigation to determine the extent to which information in Church’s systems may have been impacted. In addition, we are continuing to cooperate with federal law enforcement and have notified payment card networks and credit monitoring agencies.

According to the security notice, only company Church’s Chicken locations were affected by the data breach due to “multiple payment processing systems” that the company employs. The breach is localized, at least at the time of this article’s writing, to 11 states: Alabama, Arkansas, Florida, Georgia, Illinois, Louisiana, Mississippi, Missouri, South Carolina, Tennessee, and Texas. This is due to the fact that Church’s Chicken asserts that “none of our franchised locations” were accessed in the breach. On the other hand, however, the investigation is not finished so it seems a bit premature to assume that breaches are not elsewhere. The company did not say how many restaurants were impacted by the data breach.

In the FAQ section of the notice, Church’s Chicken assures customers that they are safe to use credit cards at their establishments as they have “already taken steps to contain and remediate the incident, and our investigation has confirmed that any previous unauthorized third-party access is not ongoing.” Though the company is certain that no customer data has been accessed, they also state that bank statements should be monitored. Additionally, customers who order through delivery services like DoorDash, GrubHub, and others are not at risk because their payments are processed in systems belonging to those respective companies.

Featured image: Flickr / Steve Baker

Derek Kortepeter

Derek Kortepeter is a graduate of UCLA and tech journalist that is committed to creating an informed society with regards to Information Security. Kortepeter specializes in areas such as penetration testing, cryptography, cyber warfare, and governmental InfoSec policy.

Published by
Derek Kortepeter

Recent Posts

Diebold Nixdorf ATMs targeted by jackpotting attacks

ATM manufacturer Diebold Nixdorf says its European machines are being hit by jackpotting attacks, where…

13 hours ago

Allow a home computer to connect to your Azure SQL server/database

In these days where remote computing has become crucial, you can connect your home computer…

16 hours ago

Migrating to Microsoft 365? Get the ball rolling with a trial tenant

Many companies still using Exchange Server are thinking of moving to Microsoft 365. You can…

19 hours ago

wpDiscuz WordPress plugin: Critical vulnerability found and patched

Users of the wpDiscuz interactive comment WordPress plugin should implement a new patch as soon…

2 days ago

Data lifecycle management: Policies and procedures for security and compliance

With the amount of electronic information consistently growing, data lifecycle management is crucial for compliance…

2 days ago

Deploy Windows from the cloud to on-premises hardware? Yes, you can

Wouldn’t it be nice if you could deploy Windows from the cloud while sipping an…

5 days ago