Chick-fil-A, the Georgia-based fast food restaurant chain, announced on January 2 2015 that it is investigating a potential data breach involving customer payment cards.

The sandwich chain was notified of suspicious card activity by its payment industry contacts on December 19 2014. For two weeks, Chick-fil-A has been working with relevant authorities to fully understand the extent of the problem. It is currently unknown how many restaurants have been affected and, indeed, how many customers.

Chick-fil-A has contacted federal law enforcement about this possible data breach and will arrange free identity protection services to any affected customers. All customers are advised to regularly monitor their card accounts and check for suspicious activity.

This suspected payment card breach comes just four months after Dairy Queen and Jimmy John’s fast food chains also became victims of cyber criminals.

All organizations that store, transmit, or process payment card holder data must comply with the Payment Card Industry Data Security Standard (PCI DSS). Among other things, it requires merchants and member service providers (MSPs) to:

Build and maintain a secure IT network

Protect cardholder data

Maintain a vulnerability management program

Implement strong access control measures

Regularly monitor and test networks

Maintain an information security policy

Failure to comply with the PCI DSS can result in severe fines.

It is not yet known whether responsibility for the data breach lies with Chick-fil-A or a third-party vendor involved with the payment data.

Subscribe to our blog for more information on this story.

[wysija_form id=”4″]