A threat actor claims to have breached KFC Venezuela and is now selling the allegedly stolen database. KFC Venezuela is the Venezuelan franchise of the major American fast food restaurant chain specializing in fried chicken.
According to a post dated October 8, 2025, the threat actor is offering a database containing 1,067,291 records related to customers and their orders.
The actor claims the 405 MB database contains a wide range of sensitive information. The allegedly compromised data includes:
- Full customer names
- Phone numbers
- Email addresses
- Full delivery addresses
- Payment method & exchange rate
- Ordered items with quantity & price
- Order creation & update timestamps
- Store information (name, code, address, contact)
- Order IDs, delivery info, store & aggregator IDs
- Sales channel & order status
