ATLANTA (1/5/15)--The Atlanta-based fast-food chain Chick-fil-A announced last week it is investigating a possible data breach of its payment systems, a revelation drawing the attention of the Credit Union National Association.
"It's devastating to credit unions and their members that merchant data breaches are becoming commonplace," said Jim Nussle, CUNA president/CEO. "Chick-fil-A is another example of how data breaches will continue to be prevalent at retailers until they are held to the same data security standards as credit unions and other financial institutions."
CUNA continues to press members of Congress to craft legislation that would require merchants such as Chick-fil-A to meet the same security standards as those imposed upon financial institutions.
When data breaches occur, financial institutions are left paying the bill when fraudulent activity takes place, rather than the merchants where the breaches occur.
Between the recent cyberattacks on Target and Home Depot alone, credit unions nationwide paid roughly $90 million in breach-related costs.
Chick-fil-A released a statement regarding the potential breach at its stores and said that if a breach has occurred, customers would not be liable for any fraudulent charges.
"Any fraudulent charges will be the responsibility of either Chick-fil-A or the bank that issued the card," the statement said.
KrebsOnSecurity reported that it first heard about compromised cards used at Chick-fil-A in November, but it was an alert from a major credit card association in December that confirmed the severity of the breach.
"It's crazy because 9,000 customer cards is more than the total number of cards we had impacted in the Target breach," a banking official told Krebs (Dec. 30).
The source also said the majority of the fraudulent activity has been taking place in Georgia, Maryland, Pennsylvania, Texas and Virginia.