The American fast-food restaurant specializing in halal chicken has just sent an email to its most loyal customers to warn them of a hack of its information system. Here is the information that was accessible: last name, first name, email address, telephone number and loyalty number. Suffice it to say that, if you have the KFC loyalty card, you should once again expect to receive scam calls in the coming weeks. Fortunately, banking data is not affected.
KFC France indicates that it “immediately suspended” the accesses as soon as they were detected, without specifying the exact date of the incident or the number of members affected. This opacity risks making people cringe, especially in a context where the French are increasingly exhausted by repeated leaks.
The usual reflexes, again and again
In terms of measures taken, the fast food chain ticks the classic boxes: filing a criminal complaint against X (persons unknown), notification to the CNIL in accordance with the GDPR, and strengthening of system security. All of this is accompanied by a list of precautionary recommendations sent to members, such as: be wary of suspicious emails, do not click on questionable links, and never communicate your bank details by telephone or SMS.
Common sense advice, certainly, but which rings a little hollow when we realize that it is precisely because the company failed to protect this data upstream that we are here.
An accumulation that tires
This new hack is part of a dark series which is seriously beginning to weigh on the patience of the French. Just a few months ago, Free was hit with a record fine of 42 million euros imposed by the CNIL after the data leak of 24 million subscribers, including IBANs. The authority then pointed to authentication that was too weak and faulty monitoring. A step in the right direction that should motivate companies to be more careful with our data, but a fine that will never return to the pockets of injured consumers…
The KFC case is for the moment less spectacular in terms of data exposed, no banking details being involved. But it illustrates once again that even companies in the catering sector, far from the image of cutting-edge technology, store and manipulate significant quantities of personal data via their loyalty programs, without providing the means to properly protect them.
What to do if you are a Colonel Club member?
If you have received this email, stay vigilant in the coming weeks against phishing attempts. Stolen data, even without an IBAN, is more than enough to build convincing targeted scams. An SMS that appears to come from KFC, a call pretending to be from your bank and in possession of part of your details, or any other common scam: there is no shortage of scenarios.
