Chipotle Restaurants hit with Credit Card info-stealing malware

Chipotle customers were put on high alert after authorities related to the restaurant chain alerted them about a cyber attack which took place between March 24th to April 23rd of this year. The security alert was related to a malware which had the potential to steal credit card info and was inserted by hackers through a phishing campaign in Feb this year.

The Colorado-based Mexican Grill company acknowledged the breach on April 25th,2017 and launched an official probe on April 28th,2017. It was discovered in the breach that the malware infected the cash counters of Chipotle Restaurant Chain in such way that all the data related to financial transactions and credit card swipes made at the cash counters were leaked out to hackers.

Authorities say that the malware captured information stored on the magnetic stripe on credit cards called “Track Data”. The info includes cardholder’s name, card number, expiration date and internal verification code.

As soon as the malware was discovered, the authorities of the restaurant chain informed law enforcement officials and a cyber security firm. After the probe, the security firm which was involved in the investigation succeeded in listing out the restaurants and the times they were affected. The details are available on Chipotle’s website.

As a precautionary measure, Chiptole Mexican Inc has displayed signboards at its every restaurant saying that all its customers should scan their credit card statements for potentially fraudulent purchases. If any discrepancies are found, the company is advising the customers to approach the Federal Trade Commission, the attorney general of their home states or any local police department.

On an additional note, to stay out from such risks, Chipotle is asking its customers using credit cards to activate a security freeze feature or place a fraud alert service request on their cards.

The company CEO Chris Arnold said it a twitter disclosure made this morning that most, but not all restaurants may have been involved in the malware attack. He, however, ruled out the fear of WannaCry Ransomware which encrypts the entire database until a specific ransom is paid. Arnold added that none of his company systems or Point-of-Sale devices were locked from access and this clearly suggests that the malware attack was not of ransomware variant.

Note- Chipotle is located in more than 2K locations and has a net income of $475.6 million and a staff of more than 65,000 employees. It is renowned for nutritious food and is also famous for its catering services. Apart from the US chain of restaurants, Chipotle has its customer base in Canada, UK, France, and Germany.

Naveen Goud
Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security

No posts to display