KFC, otherwise known as Kentucky Fried Chicken, is a fast food restaurant chain that specializes in fried chicken and is headquartered in Louisville, Kentucky, United States.

Kentucky Fried Chicken has alerted its UK loyalty rewards program members that some identity-related information may have been compromised in a hack. According to a Forbes report, it sent an email on Monday to all 1.2 million members of its Colonel’s Club loyalty program in the UK, urging them to change their passwords after its recent data breach.

After discovering that its website had been targeted by hackers, KFC confirmed that some user data belonging to members of its Colonel’s Club card loyalty scheme may have been compromised.

At least KFC has recognized that the risk of being hacked is rising and has “introduced additional security measures” to stop this kind of thing happening again, but to be brutally honest, it should never have happened in the first place.

KFC has reportedly found only 30 compromised accounts so far. Even though this may not amount to a massive breach, KFC emailed all 1.2 million members of the club, who can earn and cash in “Chicken Stamps” over repeated visits to the restaurant chain, asking them to change their passwords. It is also reminding anyone who has reused a password and email address combination to change those as well.

It’s unclear what information the hackers managed to get their hands on, but the possibility that users’ names, dates of birth, and addresses, or a list of email addresses and passwords, could be in the hands of hackers will likely concern the quick-service restaurant’s (QSR) consumers. KFC is encouraging all 1.2 million members of the loyalty scheme to change their passwords, on other services too, as a precaution.




Fortunately, the firm doesn’t store billing details as part of its rewards scheme, so no financial data was acquired. The company has further moved to reassure its loyalty scheme members that no credit card details are stored alongside their details, so there is no risk of their financial data being compromised because of the breach.

In a statement to ITV News, Brad Scheiner, head of IT at KFC UK and Ireland, said:

“We take the online security of our fans very seriously, so we’ve advised all Colonel’s Club members to change their passwords as a precaution, despite only a small number of accounts being directly affected. We don’t store credit card details as part of our Colonel’s Club rewards scheme, so no financial data was compromised.”

Ilia Kolochenko, CEO and founder of security firm High-Tech Bridge, commended KFC on its “mature and professional” handling of the breach, given how quickly it has moved to make customers aware of it.

“Not only [has KFC] managed to detect the incident in time, evaluate the scope of the breach, but has also notified the affected customers in a direct and transparent manner,” he said. “In the light of recent mega-breaches, when tens of millions of customers were informed about tremendous data leaks months after they had actually occurred, KFC serves a good example of incident management and response.”

KFC is said to have implemented changes to both its back-end and front-end systems, including adding reCAPTCHA to the website to block automated login attempts.