Hacker claims breach of KFC Venezuela, offers alleged stolen data for sale

A threat actor claims they have breached KFC's Venezuela operations and is offering for sale an alleged database containing the personal and order information of more than one million customers. 

The alleged stolen database is a single 405 MB CSV file containing 1,067,291 rows of customer data. The nature of the attack is not disclosed by the threat actor. The supposed compromised information includes:

• Full names (cliente_fullname)
• Phone numbers (cliente_phone)
• Email addresses (cliente_email)
• Complete delivery addresses (cliente_direccion)
• Payment method information
• Exchange rate information used in transactions
• Order details including item names, quantities, and unit prices
• Order identification numbers (orden_id)
• Store identification codes (tienda_id)
• Sales channel identifiers (aggregador_id)
• Order creation timestamps
• Order update timestamps

The number of affected individuals is not disclosed.

As of the time of reporting, KFC Venezuela has not released an official public statement acknowledging or addressing the alleged data breach.