KFC loyalty scheme hit by hackers

Colonel's Club members advised to change passwords

Fast food chain KFC has said that its loyalty card scheme, Colonel's Club, has been hacked.

KFC claimed that only 30 members had been targeted. Nevertheless, it informed all of the scheme's 1.2 million members about the breach.

"Our monitoring systems have found a small number of Colonel's Club accounts may have been compromised as a result of our website being targeted. Whilst it's unlikely you have been impacted, we advise that you change your password as a precaution," KFC said in an email to members.

"As this type of problem is becoming more common online, we've now introduced additional security measures to further safeguard our members' accounts and to stop this kind of thing happening again."

KFC did not disclose any details about the attack or what other information may have been accessed. The firm told TechCrunch that no financial details had been compromised, but that the hack represented an increased risk of phishing.

"No card details are thought to be stored as part of the scheme, which customers can sign up to in order to start collecting Chicken Stamps to earn free food rewards," it said. "However, hackers could use personal account details to craft convincing phishing messages designed to harvest more personal and financial information from individuals, or try members' other online accounts they may share the same credentials with."

High-Tech Bridge CEO Ilia Kolochenko said that KFC had done the right thing to inform customers, even though the risk was apparently minor.

"Not only [has KFC] managed to detect the incident in time, evaluate the scope of the breach, but has also notified the affected customers in a direct and transparent manner," he said.

"In the light of recent mega-breaches, when tens of millions of customers were informed about tremendous data leaks months after they had actually occurred, KFC serves a good example of incident management and response."

Last month, food delivery firm Deliveroo was hit by hackers. In that case, financial details were compromised and customers were advised to cancel their bank cards.