The pattern which most data breaches of major companies follow and which I described in a column in USA Today in September has apparently happened again, this time involving Chick-fil-A, the popular fast food franchise.  As usual the pattern is that banks that constantly monitor fraudulent use of credit cards and debit cards discovered the breach, which still has not been confirmed yet by Chick-fil-A although you can expect them to do so soon.  The apparent data breach appears to have occurred in franchise locations in Georgia, Maryland, Pennsylvania, Texas and Virginia.  Chick-fil-A released the following, statement, which also follows the pattern I described in my USA Today column: “Chick-fil-A recently received reports of potential unusual activity involving payment cards used at a few of our restaurants.  We take our obligation to protect customer information seriously and we are working with leading IT security firms, law enforcement and our payment industry contacts to determine all facts.”  The data breach appears to have occurred between December 2, 2013 and September 30, 2014.


We can expect still more of these type of data breaches to occur up until October of 2015 when stores will be required by new regulations to fully implement the use of safer (but not totally safe) smart chip credit cards.  Since October of 2013, a particular type of malware called Backoff has been used against more than 1,000 companies.  Despite FBI warnings about this type of malware which infects point-of-sale card processing devices, many companies still have not protected themselves as best they could.  It should be noted, that some retailers, such as WallMart, have already switched to the card processors for smart cards, although that will only protect you if you have one of the new smart chip cards.  You may wish to ask your credit card issuer to send you a new card with the smart chip to be ahead of the curve.

If you were a customer of Chick-fil-A during the time period described above you should carefully review your credit and debit card charges for that period (which we should all be doing regularly, in any event).  This is also a good time to remind you to put that debit card away and only use your credit card for retail purchases due to the stronger laws protecting you in the event of fraudulent use of your credit card than those that apply to fraudulent use of your debit card.  Limit your debit card use to use as an ATM card only.