Tuesday, May 30, 2017

Chipotle Customer Payment Info Stolen by Hackers

Chipotle Logo.png
 
 
It seems that the word in security these days is not “IF” you get hacked, it’s more like “when” you get hacked.  The latest bad news in that department comes from one of America’s favorite Mexican restaurants, Chipotle.  
 
The company is reporting that most of its 2250 restaurants were struck by the hack which started on March 24 and was shut down on April 18.  This is an interesting breach as the company doesn’t have any idea how many payment cards or customers were affected.  That is because the malware hackers used searched for data from the “mag stripe” on the cards.  The magnetic stripe or “mag stripe” as it is known is the thin brown band on the back of a payment card that magnetically holds the info needed to identify the purchaser and complete the transaction. 
 
Since Chipotle does not store the names or addresses of customers during a payment transaction, they have no way of notifying those potentially affected by the hack.  Probably the best way for you would be to forensically check your personal records to see if you ate at a Chipotle during the time the hack was live.  If you *did use a card during that time window, either get new cards issued or pay close attention to charges placed on your account!!!”

Industry experts have voiced their concerns on this problem as well.  However, if you want to read a complete explanation from Reuters, here is the link.  

"If your data was stolen through a data breach that means you were somewhere out of compliance" with payment industry data security standards, Julie Conroy, research director at Aite Group, a research and advisory firm.

"In this case, the card companies will fine Chipotle and also hold them liable for any fraud that results directly from their breach," said Avivah Litan, a vice president at Gartner Inc (IT.N) specializing in security and privacy.

Post a Comment