Chipotle Hacked with Credit Card Stealing Malware

According to the popular Chipotle burrito chain, a very strong cybersecurity attack hit a large number of restaurants. This attack allowed hackers to steal credit card information from the restaurants’ clients. The company reportedly first noticed that there was something wrong on April 25. However, it wasn’t until Friday that Chipotle confirmed in a blog post what kind of malware the hackers used. The same blog post also revealed the exact restaurants that the attack affected.

A cyber-attack on Chipotle Mexican Grill

The list which Chipotle published is extensive and includes a large number of restaurants in many large United States cities. On Sunday, spokesman Chris Arnold said that the cyber-attack affected most of company’s restaurants, but not all of them. According to the company’s blog post, they are currently working with law enforcement officials and some cybersecurity firms on an investigation. It may reveal the guilty people behind this extensive attack and also punish them accordingly.

According to reports, the breach took place sometime between March 24 and April 18. The malware reportedly first infected the cash registers. It then stole the information from the magnetic strip found on credit cards. Its official name is actually “track data”. According to Chipotle, this “track data” can sometimes include vital information like the possessor’s name, card number, expiration date and even internal verification code. The company also reassured the customers that they have no information about any other type of data which the hackers might steal. So, for the moment, their personal information is safe.

Stealing card information

In the same blog post, Chipotle is stating that the cybersecurity firms aiding the company managed to remove the malware during their investigation. However, they will continue to work together to find and establish new and better ways to reinforce the restaurants’ cybersecurity measures. The company’s website also posted a list with all the restaurants which the cyberattack affected. This way, people will know to avoid them, at least temporarily.

Chipotle also had some advises for their customers. The first one was to scan their credit card statements in order to find potentially fraudulent purchases. If they find anything suspicious, they should immediately contact the state’s attorney general, the local police department or the Federal Trade Commission.

Images source: flickr




Leave a Reply

Your email address will not be published. Required fields are marked *