Chick-fil-A has confirmed a data breach of their mobile app that potentially exposed personal information of users.

In a statement, the restaurant chain said the break impacted less than 2% of its customers but added it has taken steps to prevent further breaches.

“We never want our customers to experience something like this and have communicated directly with those impacted to resolve these issues, while taking necessary efforts to protect our systems and our customers in the future,” the statement said.

“We are grateful for our customers’ patience while we worked to resolve this issue and sincerely apologize for any inconvenience caused.”

WSOC-TV reported Chick-fil-A noticed unusual login activity on a specific Chick-fil-A One account and then launched an investigation. The investigation determined a cyberattack had been launched on the restaurant’s website and app between December 2022 and February of this year. The attack was launched using email addresses and passwords from a third-party source.

The information taken from customers includes names, email addresses, Chick-fil-A membership numbers, mobile payment numbers, QR codes, money saved on Chick-fil-A accounts and other personal information. The hackers also had access to credit and debit card numbers but only the last four numbers of whatever card was used to pay.

WSOC reported the company has taken several steps to prevent future issues, including increasing online security, monitoring and fraud control and sending alert to customers to reset their passwords. The restaurant also reimbursed mobile accounts that were impacted by the cyber-attack.

Chick-fil-A has information on what to do if you suspect your account has been compromised. You can see the steps you should take here.

What to do if fake mobile orders have been made using your account or if your points were used to redeem or gift rewards fraudulently.