Company is investigating a “possible credit card breech.”]
Chick-Fil-A is spending the beginning of 2015 not just serving chicken to hungry partygoers on their way home, but also dealing with a possible credit/debit card breach. The fast food chain has just issued an official statement admitting that it has "recently received reports of potential unusual activity involving payment cards used at a few of [its] restaurants." It says the company has been notified on December 19th of suspicious payment activities on cards used on some of their outlets, so it has begun investigating what happened with help from authorities and IT firms. This aligns with what security journalist Brian Krebs wrote in mid-December: according to the piece, the company has been receiving rather inconsistent reports of suspicious activities from banks since November.
It also revealed that a few days before Christmas, a major credit card company alerted banks about a breach that started in December 2013 and lasted until September 2014, although it didn't name the retailer. One of those banks told Krebs that the warning message included a list of 9,000 credit cards, with only Chick-Fil-A as the common point of purchase. "It's crazy," his source said, "because 9,000 customer cards is more than the total number of cards we had impacted in the Target breach."
More at the link. Basically, there's no question that they got hacked, and they're being cagey about everything based on the advice of lawyers. Like Sony, it appears that they had known for some time that there was a problem with their security, but failed to act quickly.