Chick-fil-A app users subjected to months-long data breach

Photo of Katy Barber

A Chick-fil-A restaurant is seen on July 05, 2022 in Houston, Texas. 

Brandon Bell/Getty Images

Chick-fil-A announced last week that app users were subjected to a prolonged data breach that exposed account information and allowed hackers to make orders using linked debit and credit cards. The fast food chain detailed the security breach in a notice filed on the California Attorney General’s website on Thursday, March 2, noting that “unauthorized parties” carried out an automated attack on the company’s websites and apps from December 18, 2022, to February 12. 

The attackers broke into user accounts, giving them possible access to account information, including the user's name, birthday, home address, email address, Chick-fil-A One membership number and mobile pay number, QR code, masked credit/debit card number, and the amount of Chick-fil-A credit (e.g., e-gift card balance), if any.

Some affected customers took to Twitter to air their grievances, including users who had their accounts and linked debit cards used to make illicit purchases. User @aleXXa4life reported having $50 worth of food ordered by hackers, prompting @CUZIATTRACTIT to respond that someone stole $200 from her and changed the email on her account. One user, @pztheaquarius, said that Chick-fil-A gave back the rewards points that were taken from her account and that she was given reward points from illicit orders made from her account.

The company said it took action “as soon as Chick-fil-A discovered the incident,” including requiring customers to change their password and “removing any stored credit/debit card payment methods, and temporarily freezing funds previously loaded onto customers’ Chick-fil-A One accounts.” The company also reportedly issued refunds “where possible.”

Chick-fil-A shared a resource guide along with the public notice, outlining steps that concerned customers can take if they realize their information has been compromised, including contacting the U.S. Federal Trade Commission, ordering a free credit report, placing a fraud alert on their credit file, and more. Customers can call a toll-free call center at 833-753-4428 for more information.