The popular American fast-food chain says around 71,000 customers had their financial information stolen, the findings of an investigation into reports of hacked user accounts it launched at the beginning of the year.
"We are investigating suspicious activity on some customer accounts. We are committed to protecting customers' data and are working quickly to resolve the issue," Chick-fil-A said when the investigation began.
A breach notification, filed with the attorneys general in a couple of states in the US, shines more light on the cyber incident. Chick-fil-A said it affected 71,473 people.
"We determined that unauthorized parties launched an automated attack against our website and mobile application between December 18, 2022, and February 12, 2023, using account credentials (such as email addresses and passwords) obtained from a third-party source," Chick-fil-A said.
The company said it was an external system breach, and hackers acquired customers' names and other personally identifying information in combination with financial account or payment card numbers. Card security, access codes, passwords, and account PINs were also compromised.
"In addition, if saved to your account, the information may have included the month and day of your birthday, phone number, and address. Importantly, unauthorized parties would only have been able to view the last four digits of your payment card number," Chick-fil-A said.
Following the breach's discovery, the company required customers to reset passwords, removed any stored payment card information, and temporarily freezed funds previously loaded onto customers' Chick-fil-A One accounts.
More from Cybernews:
Subscribe to our newsletter