Cyber Incident Victim: Church's Chicken

Church’s Chicken initiated an investigation into a potential data security incident affecting credit and debit card information at certain company-owned U.S. restaurants in November 2019. The breach involved unauthorized third-party access to payment processing systems at a subset of the chain’s 165 corporate-operated locations across 11 states. Upon detecting the suspicious activity, the company engaged cybersecurity forensic experts to assess the intrusion and determine its scope. Church’s Chicken promptly notified federal law enforcement agencies and major credit reporting bureaus about the incident. According to the company’s security update page, the compromised data included payment card numbers, cardholder names, and associated expiration dates from transactions processed during the breach period. The investigation focused on identifying the specific timeframe of exposure and the number of impacted customers.

The incident exclusively affected corporate-managed restaurants, though the exact number of compromised locations remained undisclosed. Church’s Chicken did not confirm whether franchised locations experienced similar security issues. The company maintained public updates through its dedicated security portal while coordinating with financial institutions to monitor for fraudulent transactions involving exposed payment cards. No evidence suggested theft of customer addresses, Social Security numbers, or other personally identifiable information beyond payment card details. The forensic review aimed to establish the intrusion methodology and implement enhanced security measures across affected systems. Federal authorities continued their parallel investigation as the restaurant chain worked to contain the breach and prevent further unauthorized access to its payment infrastructure.