Fast food restaurant chain Chick-fil-A says it's working with law enforcement, the payment industry, and security firms to determine whether reports of suspicious activity with payment cards used at some of its restaurants were due to a data breach.
"Chick-fil-A recently received reports of potential unusual activity involving payment cards used at a few of our restaurants," the company said in a statement. "We want to assure our customers we are working hard to investigate these events and will share additional facts as we are able to do so."
If the investigation confirms there was a data breach, Chick-fil-A says its customers won't be responsible for fraudulent charges and will receive free credit monitoring services. "If the investigation reveals that a breach has occurred, customers will not be liable for any fraudulent charges to their accounts. Any fraudulent charges will be the responsibility of either Chick-fil-A or the bank that issued the card. If our customers are impacted, we will arrange for free identity protection services, including credit monitoring."
Reports of potential payment card fraud were first reported by KrebsOnSecurity yesterday. According to the blog, a major credit card association this month alerted some financial institutions of "an unnamed retailer" being breached between December 2, 2013, and September 30, 2014. A financial institution source told KrebsOnSecurity that some 9,000 of its issued customer cards were on the list, and their common link was transactions at Chick-fil-A restaurants.