UK: KFC loyalty program hacked

By: Rick Ferguson

Posted on December 20, 2016

Whether it's the Democratic National Committee in the United States or a fast food chain in the United Kingdom, organizations and businesses around the world are under increasing threat of data theft by hackers - and loyalty programs are no exception. The latest target: Kentucky Fried Chicken (KFC), which last week revealed that the personal information of up to 1.2 million reward program members could have been exposed to hackers.

From initial reports, it appears that the hack was a minor one; Forbes revealed that the initial impact of the hack may have been limited to a mere 30 accounts - a sign that the hackers may have simply been trying email-password combinations downloaded from other successful hacks. And unlike other fast-food chains that have tied their reward programs to mobile payments, the KFC loyalty database contains no member payment details.

While the chain did send out emails to members advising them to change their passwords, Forbes at least doesn't think KFC's response went far enough. Money quote:

"KFC's response may seem like it doesn't go far enough. They didn't force a password reset, after all, they only recommended that users change their passwords. They also prefaced that recommendation by saying that 'it's extremely unlikely that [individual users] have been impacted.' That's not exactly the kind of wording that conveys real urgency. As KFC notes, their database contains no payment information of any kind. They're also implementing 'additional safety measures to further safeguard [...] members' accounts,' which is welcome news -- though they didn't detail what those measures might be."

We'd have to side with Forbes here. KFC may be breathing a sigh of relief that the hacking attempt didn't go farther, but part of the essential contract between loyalty program operators and their members is the explicit promise that members' personal information will remain secure. Add in the notion that many programs are now linked to payment card information through the mobile device, and a hack of loyalty program data that causes real damage - both to members and the sponsoring brand - seems a near certainty.

Still, consumers have demonstrated a willingness to forgive data breaches provided the target company responds quickly and proactively to ameliorate the damage and secure data going forward. If easing members' concerns requires a little more effort on the part of KFC than a single email, then it's probably worth it.

Rick Ferguson is CEO and Editor in Chief of the Wise Marketer Group.