The Fast-food chain Chipotle notified users a security breach, hackers compromised its point of sale terminals to steal payment card data.
The Mexican Grill Fast-food chain Chipotle notified users a data breach, hackers infected its point of sale terminals to steal payment card data.
The malicious code infected systems in 47 states and Washington earlier this year from March 24 to April 18.
The list of affected Chipotle restaurants is available here.
“The investigation identified the operation of malware designed to access payment card data from cards used on point-of-sale (POS) devices at certain Chipotle restaurants between March 24, 2017 and April 18, 2017.” reads the data breach notification published by the company. “The malware searched for track data (which sometimes has cardholder name in addition to card number, expiration date, and internal verification code) read from the magnetic stripe of a payment card as it was being routed through the POS device. There is no indication that other customer information was affected.”
The company highlighted that not all the locations were breached by hackers, you can check a specific location at the following address:
Users who have paid at the compromised stores should stay vigilant on their bank accounts and check any transaction involving their payment card.
The company confirmed to have removed the malicious code from the infected systems.
“During the investigation we removed the malware, and we continue to work with cyber security firms to evaluate ways to enhance our security measures. In addition, we continue to support law enforcement’s investigation and are working with the payment card networks so that the banks that issue payment cards can be made aware and initiate heightened monitoring.” reads the statements.
PoS systems attacks are very common, this week Target, the US retail giant that suffered one of the most severe PoS system attacks, has entered a settlement with the US Attorneys General and it has agreed to pay $18.5 million over the 2013 data breach.
Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer.
Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US.
Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines.
Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.