In response to the potential data breach, KFC has urged its clients to change their passwords following the cyber attack.
The email suggested that a small number of loyalty scheme users' accounts “may have been compromised as a result of our website being targeted”.
Javvad Malik, security advocate at AlienVault, suggests that because the number of accounts that have been targeted is small, “it appears as if password re-use could have been the attack vector – like the attack against Deliveroo.”
It is suspected that details including passwords and contact information may have been stolen.
The information accessed didn’t include financial details, but cyber criminals could still use the stolen email addresses and passwords to mount other types of scams, such as phishing attacks.
KFC mentioned in the email that it had increased security measures because this type of problem is becoming more common online: “we’ve now introduced additional security measures to further safeguard our members’ accounts and to stop this kind of thing happening again”.
However, it is unclear if the passwords stolen were encrypted or what exactly these safeguards are.
“It’s good to see KFC had monitoring systems in place and were able to detect the suspicious activity, thus were able to take steps before greater damage was done,” said Malik.
“If not already done so, companies of all sizes should consider investing in monitoring systems that help to detect and respond to such threats in a timely manner.”