ALERT! Chipotle Mexican Grill INFECTED with Nasty Credit Card Stealing Malware – Here’s What We Know

ALERT! Chipotle Mexican Grill INFECTED with Nasty Credit Card Stealing Malware – Here’s What We Know

I hadn’t even heard of this. Chipotle Mexican Grill was infected with malware earlier this year that steals credit card information at the point of sale. It hit restaurants in every state and most major cities. They have now identified the malware and are handling it. They also have a new tool that customers can use to see if a restaurant they visited was impacted by the malware. This attack also hit their affiliate Pizzeria Locale.

Chipotle says they have not ascertained if all outlets were affected yet. If it turns out that your restaurant is on that list, they are recommending that you file a police report. They are also recommending that you contact the Federal Trade Commission, or place a fraud alert or security freeze on your bank account. I would definitely freeze your credit or debit card and get it replaced. What a mess.

From Liberty Unyielding:

Chipotle Mexican Grill today announced that it has identified the malware that was responsible for the credit card hack earlier this year. Alongside the news, it also released a new tool to help customers check whether the restaurant they visited was involved. When pressed by The Verge, Chipotle did not disclose the exact numbers of restaurants affected, but said “most” locations nationwide may have been involved.

“The malware searched for track data (which sometimes has cardholder name in addition to card number, expiration date, and internal verification code) read from the magnetic stripe of a payment card as it was being routed through the POS device,” Chipotle said in a statement. “There is no indication that other customer information was affected.”

We browsed through the tool and found that every state Chipotle operates in had restaurants that were breached, including most major cities. The restaurants were vulnerable in various time frames between March 24th and April 18th, 2017. Chipotle also operates another chain called Pizzeria Locale, which was affected by the hack as well. (The list of identified restaurants can be found here, which includes locations in Kansas, Missouri, Colorado, and Ohio.)

We live in dangerous times and this type of theft has become all too common. For all the hassle you will go through on this with your bank, etc., any charges incurred will be your liability. That seems wrong to me as this is the fault of the restaurant for having lax security on purchases. I feel a lawsuit coming on here.

Frankly, with that kind of attitude, I don’t think I’d eat there anymore. Chipotle said in a blog post that it worked with law enforcement officials and cybersecurity firms on an investigation. The breaches happened between March 24 and April 18. The malware worked by infecting cash registers and capturing information stored on the magnetic strip on credit cards, called “track data.” Chipotle said track data sometimes includes the cardholder’s name, card number, expiration date and internal verification code.

“During the investigation we removed the malware, and we continue to work with cyber security firms to evaluate ways to enhance our security measures,” the blog post reads. A list of the restaurants and times they were affected can be found on Chipotle’s website. This was handled very poorly and I bet it will seriously impact their business as it should.

Terresa Monroe-Hamilton

Terresa Monroe-Hamilton is an editor and writer for Right Wing News. She owns and blogs at NoisyRoom.net. She is a Constitutional Conservative and NoisyRoom focuses on political and national issues of interest to the American public. Terresa is the editor at Trevor Loudon's site, New Zeal - trevorloudon.com. She also does research at KeyWiki.org. You can email Terresa here. NoisyRoom can be found on Facebook and on Twitter.

Leave a Comment

Share this!

Enjoy reading? Share it with your friends!

Send this to a friend