In response to the attack, Chick-fil-A forced customers to reset passwords, froze funds loaded into accounts, and removed any stored payment information from accounts. Chick-fil-A also states that they restored Chick-fil-A One account balances and added rewards to impacted accounts as a way of apologizing. As the accounts were breached using credentials exposed in other data breaches, impacted users must change their passwords at all sites they frequent, especially if they use the same Chick-fil-A password. When resetting passwords, use a unique password for each site and store them in a password manager so that they can be easily managed. While there is no evidence that personal information was abused, impacted customers should also be on the lookout for potentially targeted phishing emails utilizing this information.
https://www.bleepingcomputer.com/news/security/chick-fil-a-confirms-accounts-hacked-in-months-long-automated-attack/
