An American restaurant chain has warned of a possible data breach after detecting unauthorized activity in a computer system used to process payments.
Church’s Chicken launched an investigation after noting the suspicious behavior at the end of October. The company has stated that any previous unauthorized third-party access that may have occurred has been halted.
“Although our investigation is ongoing, what we currently know suggests that payment cards used at certain restaurants in 2019 may have been impacted,” said a Church’s spokesperson.
“We believe the incident may have impacted payment cards, including payment card numbers, names, and expiration dates, used at certain Church’s restaurants.”
Cajun Operating Company, commonly known as Church’s Chicken or Church’s, operates a string of restaurants in the United States and throughout the world.
In a statement released on its website, the company said that the possible breach would only impact some of the company-owned restaurants in the United States.
A spokesperson wrote: “The Church’s system uses multiple payment processing systems and, as a result, not all Church’s restaurants—and none of our franchised locations—are believed to be impacted by this incident.”
A list of 130 restaurants in Alabama, Arkansas, Florida, Georgia, Illinois, Louisiana, Mississippi, Missouri, South Carolina, Tennessee, and Texas that may have been impacted has been published by the company on its website.
Church’s sought professional help after detecting the unauthorized activity.
A spokesperson wrote: “Our company immediately retained a leading cybersecurity forensics firm to help us contain and remediate the activity, and launch an investigation to determine the extent to which information in Church’s systems may have been impacted. In addition, we are continuing to cooperate with federal law enforcement and have notified payment card networks and credit monitoring agencies.”
The investigation into a possible breach is ongoing, and the company is still trying to determine which restaurants may have been involved and when any specific incidents may have occurred.
Updates will be posted to a specially created page on the company’s website www.churchs.com/security as they emerge.
A spokesperson wrote: “Church’s will provide updates once we have completed our investigation and know more about any payment cards that may have been impacted.”
The company reminded diners that it is always good practice to review their payment card statements regularly, monitor free credit reports, and report any unusual or unauthorized purchases to their card issuer immediately.
Source: Infosecurity Magazine