Has Your Burrito Been Hacked?
Chipotle has suffered a data breach. Yes, the beloved yet recently beleaguered Chipotle restaurant chain has been hacked, exposing customer credit card information. At least 2250 locations were the source of the breach, between March and April of this year. Customers’ credit card numbers, names, verification codes, and transaction data were pilfered.
This was a Point-of-Sale (POS) malware attack, in which transactional data was siphoned at the registers and exfiltrated to the criminals. We have seen this type of attack at retail outlets for some time. As cash registers have basically become personal computers, they are vulnerable to many of the same exploits that hackers are familiar with. The scale of this attack suggests the criminals may use the numbers themselves or sell them on the dark market to other thieves, who would then make fraudulent charges on the victims’ credit accounts.
Sadly, Chipotle is not releasing much more information, other than that it is investigating the incident and working with law enforcement.
Chipotle is not alerting victims directly, as they don’t gather contact information. So, the burden of awareness and response is with the customers.
If you are a Chipotle customer, here is what you need to do:
First, check the tool that Chipotle has made available at the bottom of their official notice, which can be found at https://www.chipotle.com/security. By selecting your state and city from the drop-down menu, you can see if your favorite Chipotle restaurant was affected.
Second, keep a close eye on your credit card charges. Attackers may use the information to fraudulently make purchases. Small charges may appear first, as some fraudsters will ‘test’ to see if the pilfered account information is for an active card in good standing. Regardless, immediately report any suspicious transactions to your credit card provider.