Fast food chain Chick-fil-A is investigating a possible data breach involving its customer card data, the company announced Tuesday (Dec. 30).
In a statement, later published on its website, Chick-fil-A says it is probing unusual activity regarding the use of payment cards originating from use at several restaurant locations. According to the company, Chick-fil-A was first notified of the suspicious activity by payment industry contacts on Dec. 19. In response, the chain has launched a probe in cooperation with IT security firms, the payment processors, and federal law enforcement officials.
"We want to assure our customers we are working hard to investigate these events and will share additional facts as we are able to do so,” Chick-fil-A said. “If the investigation reveals that a breach has occurred, customers will not be liable for any fraudulent charges to their accounts – any fraudulent charges will be the responsibility of either Chick-fil-A or the bank that issued the card."
The restaurant says the investigation is ongoing and it has not made any conclusive findings regarding the potential data breach. One unnamed security source told reporters that MasterCard issued a fraud alert to its customers on Dec. 19 about a merchant that possibly experienced a data hack between December 2013 and September 2014.
Reports say card issuers suspected that merchant to be Chick-fil-A or its payments processor, Charge Anywhere. Charge Anywhere confirmed earlier last month that malware caused a security breach of its network.
The alleged hack comes at a highly-susceptible time for many retailers. Historically, the holiday shopping season has meant big business not only for merchants, but also for hackers targeting the card data obtained by shoppers. Similar data breaches occurred at Home Depot, Staples and Supervalu, all within the second half of 2014.
And experts see no sign of data hackers slowing their payment card conquests. Security firms say 2015 will likely see ATMs and mobile payments systems like Apple Pay targeted for its customer data.
The influx of consumer data breaches has forced a new rift between retailers and credit card issuers regarding who should be responsible for compensating cardholders for fraudulent charges on their card accounts.