Finger-lickin' hack: KFC loyalty card scheme breached

KFC fans may be spitting feathers today, after the fried chicken franchise admitted its UK loyalty card programme has been hacked.

The 1.2 million members of the Colonel's Club - which allows customers to earn points and rewards through repeated visits to the chain's locations - were informed that the system had been compromised, and that they should change their passwords for the service along with any accounts that shared it.

Just 30 user passwords were targeted, the Colonel said, adding that the incident was not a major hack. A KFC representative was also quick to point out that no payment information was put at risk.

"We take the online security of our fans very seriously, so we've advised all Colonel's Club members to change their passwords as a precaution, despite only a small number of accounts being directly affected," Brad Scheiner, head of IT at KFC UK & Ireland, said in a statement emailed to IT Pro. "We don't store credit card details as part of our Colonel's Club rewards scheme, so no financial data was compromised."

KFC is also set to introduce improved security measures, according to reports.

Cloud security firm CensorNet's CEO, Ed Macnair, said: "While the cause of the hack has still not been confirmed, the whole incident reveals a lack of cybersecurity hygiene. Prevention is always better than cure, but at least the Colonel's more senior employees have since promised to introduce additional security measures to safeguard customer accounts.

"For the 1.2 million Colonel's Club customers who may have been affected, as well as changing passwords for the KFC site, we'd recommend adopting a decent password manager that generates complex passwords that are extremely difficult to crack."

Adam Shepherd

Adam Shepherd has been a technology journalist since 2015, covering everything from cloud storage and security, to smartphones and servers. Over the course of his career, he’s seen the spread of 5G, the growing ubiquity of wireless devices, and the start of the connected revolution. He’s also been to more trade shows and technology conferences than he cares to count.

Adam is an avid follower of the latest hardware innovations, and he is never happier than when tinkering with complex network configurations, or exploring a new Linux distro. He was also previously a co-host on the ITPro Podcast, where he was often found ranting about his love of strange gadgets, his disdain for Windows Mobile, and everything in between.

You can find Adam tweeting about enterprise technology (or more often bad jokes) @AdamShepherUK.