Fast food restaurant Chick-fil-A reportedly suffered a data breach at retail locations in the United States, confirming "potential unusual activity involving payment cards" at restaurants in Georgia, Virginia, Pennsylvania, Texas and Maryland before the holidays in December. Up to 9,000 customers could be at risk following the incident, cybersecurity experts confirmed.
"We want to assure our customers we are working hard to investigate these events and will share additional facts as we are able to do so," according to Chick-fil-A, in a statement sent to Krebs on Security. "If the investigation reveals that a breach has occurred, customers will not be liable for any fraudulent charges to their accounts - any fraudulent charges will be the responsibility of either Chick-fil-A or the bank that issued the card. If our customers are impacted, we will arrange for free identity protection services, including credit monitoring."
Trying to compromise retail locations, collecting payment information from point-of-sale (POS) machines, continues to be a popular target among cybercriminals. Despite many of the records being safe from attack, as banks and credit card companies are faster to disable accounts and reissue cards - breaching POS systems has proven easier than direct attacks.