Payment Card-Stealing Malware Used In Chipotle Data Breach

Chipotle Mexican Grill has confirmed that hackers employed malware in order to obtain customer payment data in a security breach that occurred in a period of three weeks. Most of the restaurant chain’s 2,250 restaurants were struck by the hackers on dates varying between March 24 this year and April 18. A huge percentage of the affected restaurants were in the United States while a number of them were in Canada.

The restaurant chain, however, disclosed that it didn’t have information on the number of customers or payment cards which had been affected by the data breach. Most of the stolen data consisted of internal verification codes and account numbers.

Magnetic stripe cards

Further investigations revealed that a malware had been planted to obtain data from the payment cards’ magnetic stripe. Chris Arnold, a spokesperson for Chipotle, revealed that the restaurant chain was not in a position to alert customers concerning the breach since it didn’t collect identities when the purchases were being made. The food chain, however, posted information concerning the breach on its websites

According to Privacy Rights Clearinghouse’s Paul Stephens, the stolen data could be used by the hackers in a variety of ways. For instance the hackers could use the information to make purchases on online sites that are less secure, siphon money out of bank accounts that are linked to the debit cards or even to make cloned credit cards.

Data breach fine

Some security analysts are of the opinion that Chipotle will be fined due to the breach.

“If your data was stolen through a data breach that means you were somewhere out of compliance with payment industry data security standards,” said Aite Group’s Julie Conroy.

Besides a fine the card issuers are also likely to hold Chipotle responsible for any fraud which might result as a direct consequence of the breach. Earlier in the year, Target, one of the major retailers in the United States was slapped with a fine amounting to $18.5 million after a data breach which occurred in 2013.

The hacking at Chipotle comes at a bad time since the restaurant chain had only recently started to see a revival of growth in sales but the development could once again threaten the improvements that have been made. The downturn that Chipotle had earlier experienced followed a food poisoning crisis that hit the restaurant chain in 2015 following an outbreak of norovirus, salmonella and E.coli which left hundreds of people sick.

Leave a Reply