Fast food chain KFC might keep the age-old Colonel Saunders’ recipe under lock and key but unfortunately the same cannot be said for the data it holds on its loyalty club members after the firm admitted its systems have been hacked.
KFC claimed that only 30 members of the Colonel’s Club programme have been targeted, , so far at least, although it has warned the scheme’s 1.2 million members about the breach.
In an email to members, KFC said: “Our monitoring systems have found a small number of Colonel’s Club accounts may have been compromised as a result of our website being targeted. Whilst it’s unlikely you have been impacted, we advise that you change your password as a precaution.
“As this type of problem is becoming more common online, we’ve now introduced additional security measures to further safeguard our members’ accounts and to stop this kind of thing happening again.”
KFC has refused to disclose any details about the attack or what other information may have been accessed, but it insisted that no financial details had been compromised. However, it did concede that the hack represented an increased threat from phishing emails.
“No card details are thought to be stored as part of the scheme, which customers can sign up to in order to start collecting Chicken Stamps to earn free food rewards,” it said. “However, hackers could use personal account details to craft convincing phishing messages designed to harvest more personal and financial information from individuals, or try members’ other online accounts they may share the same credentials with.”
Last month, the BBC Watchdog programme revealed that food delivery firm Deliveroo had been hit by hackers, leading to many customers paying for takeaways they had not received.
Thousands warned ‘it could be you’ in Camelot hack
Takeaway fans hit where it hurts in Deliveroo breach
Adult site confirms 419m users have been exposed
NatWest warns 600,000 over Three breach threat
Blunder exposes 50,000 Virgin Media job applicants
Three would face whopping £1.8bn fine under GDPR