Chick-fil-A Investigating Possible Data Breach

Network Computing Dark Reading

Advertise

About Us

Newest First | Oldest First | Threaded View

[close this box]

50%

RyanSepe,
User Rank: Ninja
1/2/2015 | 10:57:55 AM

Re: Chick-Fil-A sustomers would be better off

The same can be said for many enterprises. Most are more likely to attempt reactive steps than be proactive and get onboard with the security initiative. That's where as security professionals we are tasked with providing value in proactive measures. To delineate why it is imperative to improve an enterprise security posture before an event ensues.

The enterprise ideology is equivalent to a child touching the stove. If they were to never be burnt during the process then without being taught why it is crucial not to touch the stove, there would be no reason for them to refrain from that action. In this case, if an enterprise has not been breached, in many cases, the enterprise has no burn factor and without outside intervention may see very little value in being proactive. Unfortunately with the organizations listed in this article it took them being burnt before realizing that there is value in employing security safeguards.

Reply | Post Message | Messages List | Start a Board

100%

Darth Nul,
User Rank: Strategist
12/31/2014 | 3:06:25 PM

Chick-Fil-A sustomers would be better off

if Chick-Fil-A spent their money on improving security rather than providing worthless "credit monitoring" services to affected customers.

Reply | Post Message | Messages List | Start a Board

50%

RyanSepe,
User Rank: Ninja
12/31/2014 | 12:01:39 PM

Re: Vigilance

I would be interested to see the protocols for pursuing this. Since most banks do have a fraud response program, I am curious if this turns out to be a breach if Chick-fil-A's step one will be ask client if they called their bank first.

Reply | Post Message | Messages List | Start a Board

50%

Kelly Jackson Higgins,
User Rank: Strategist
12/31/2014 | 11:44:16 AM

Re: Vigilance

Now you're making me hungry for lunch, @RyanSepe. =) Free credit monitoring services are a pretty standard offering by breached retailers.

One thing I noticed about Chick-fil-A: their PR folks were quick to respond to my query.

Reply | Post Message | Messages List | Start a Board

100%

RyanSepe,
User Rank: Ninja
12/31/2014 | 11:38:32 AM

Vigilance

I knew there was a reason I liked Chick-fil-A. Other than their delcious sandwiches. It is good to see that a company is being vigilant to determine if they were part of a breach as well as providing a means of protection against fraudelant activity related to the breach.

Did any of the other retailers that had confirmed breaches in the previous years offer similar services?

Reply | Post Message | Messages List | Start a Board

Hot Topics

Editors' Choice

7 Truths About BEC Scams

Ericka Chickowski, Contributing Writer, 6/13/2019

DNS Firewalls Could Prevent Billions in Losses to Cybercrime

Curtis Franklin Jr., Senior Editor at Dark Reading, 6/13/2019

Cognitive Bias Can Hamper Security Decisions

Kelly Sheridan, Staff Editor, Dark Reading, 6/10/2019

Live Events

Webinars

WorkSpace Connect - Sept 9-11, Dallas - Register Now!

Prepare for the Future of WorkSpaces! Register Today!

Work Styles Are Evolving, Are Your IT Teams Ready?

More Informa Tech Live Events

White Papers

2019 Attacker Playbook

Why We Need Continuous Security Monitoring Platforms

Executive's Guide to Integrating SecOps and NetOps

2019 State of DevOps

EMA: Top 3 Report & Decision Guide for Security Analytics in 2019

More White Papers

Video

All Videos

Cartoon

Latest Comment: It's really difficult understanding these new startups

Cartoon Archive

Current Issue

Building and Managing an IT Security Operations Program

As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.

Download This Issue!

Back Issues | Must Reads

Flash Poll

All Polls

Reports

The State of IT Operations and Cybersecurity Operations

Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Here’s some insight on what's working – and what isn't – in the data center.

Download Now!

How Enterprises Are Developing Secure Applications

0 comments

The State of Cyber Security Incident Response

0 comments

How Enterprises Are Attacking the Cybersecurity Problem

0 comments

More Reports

Twitter Feed

Tweets about "from:DarkReading OR @DarkReading"

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2013-7472
PUBLISHED: 2019-06-15

The "Count per Day" plugin before 3.2.6 for WordPress allows XSS via the wp-admin/?page=cpd_metaboxes daytoshow parameter.

CVE-2019-12839
PUBLISHED: 2019-06-15

In OrangeHRM 4.3.1 and before, there is an input validation error within admin/listMailConfiguration (txtSendmailPath parameter) that allows authenticated attackers to achieve arbitrary command execution.

CVE-2019-12840
PUBLISHED: 2019-06-15

In Webmin through 1.910, any user authorized to the "Package Updates" module can execute arbitrary commands with root privileges via the data parameter to update.cgi.

CVE-2019-12835
PUBLISHED: 2019-06-15

formats/xml.cpp in Leanify 0.4.3 allows for a controlled out-of-bounds write in xml_memory_writer::write via characters that require escaping.

CVE-2019-12830
PUBLISHED: 2019-06-15

In MyBB before 1.8.21, an attacker can exploit a parsing flaw in the Private Message / Post renderer that leads to [video] BBCode persistent XSS to take over any forum account, aka a nested video MyCode issue.

Terms of Service
Privacy Statement
Legal Entities