KFC sent an email to all 1.2 million members of its Colonel’s Club loyalty program in the UK on Monday, instructing them to change their passwords after it discovered its website had been targeted and several user accounts potentially compromised.
It’s unclear what information the hackers managed to get their hands on, but seeing as KFC is encouraging users to change their passwords to other services too, we’re guessing that it was probably a list of email addresses and passwords.
Fortunately, the firm doesn’t store billing details as part of its rewards scheme, so no financial data was acquired. Nevertheless, it’s still pretty disappointing and, as a Colonel’s Club user myself, frustrating to have to change my password.
At least KFC has recognized the risk of being hacked is rising and has “introduced additional security measures” to stop this kind of thing happening again, but to be brutally honest, it should never have happened in the first place.
If a company is recording our personal information in a database for whatever reason, they have a responsibility to protect it no matter the cost — and KFC has clearly failed to do so.
We don’t know how the hacker gained access to the system, but if KFC put the same effort into securing its databases as it does into protecting its legendary recipe, all of our passwords would be safe right now.