KFC's Loyalty Program Gets Hacked

The fast food mogul, KFC issued a mass email last week to the 1.2 million members in their loyalty program in the U.K.

The brand instructed their members in this email to change their passwords after announcing that the restaurant chain’s website was hacked.

Since the brand also instructed its loyal fans to change their passwords on other services, it has been assumed that the hackers have access to Colonel’s Club database of email addresses.

“Our monitoring systems have found a small number of Colonel’s Club accounts may have been compromised as a result of our website being targeted. Whilst it’s unlikely you have been impacted, we advise that you change your password as a precaution. If you use the same email address and password across other service, you should also reset them, just to be safe,” wrote KFC in an email to Colonel’s Club members.

Luckily, billing information is not stored on the user’s profile so hackers were not able to access financial information.

“We take the online security of our fans very seriously, so we’ve advised all Colonel’s Club members to change their passwords as a precaution, despite only a small number of accounts being directly affected. We don’t store credit card details as part of our Colonel’s Club rewards scheme, so no financial data was compromised,” said KFC in a statement to TechCrunch.

KFC tried to reassure users that they had “introduced additional security measures” in attempt to better protect their loyal customers’ information from being hacked in the future.  

How so?

“As a result of automated software attempting to guess Colonel’s Club members’ passwords, we have implemented changes to our back end and front end systems. One thing customers may notice is the addition of reCAPTCHA on the website, which is used to distinguish between human and software login attempts,” said KFC in a statement to TechCrunch.

Although the brand has reported that only 30 accounts were compromised, the hack is not going over well with their customers.

“If a company is recording our personal information in a database for whatever reason, they have a responsibility to protect it no matter the cost — and KFC has clearly failed to do so,” wrote Josh Levenson for TNW.

Read more