Chipotle Hacked by Malware
After a cyber security attack, Chipotle Mexican Grill, Inc. (Chipotle) revealed the results of their malware investigation. The initial report on 25 April 2017 reported that their point-of-sale system had been hacked between the dates of 24 March 2017 and 18 April 2017. Chipotle also operates another restaurant chain called, Pizzeria Locale which was also affected by the malware attack.
The malware was injected by hackers into many of Chipotle’s retail locations’ point-of-sale (cash register) systems. According to a spokesperson, “most” of Chipotle locations were affected by the attack although the company declined to say exactly how many. The list of hacked restaurants can be found on their website.
“The malware searched for track data (which sometimes has cardholder name in addition to card number, expiration date, and internal verification code) read from the magnetic stripe of a payment card as it was being routed through the POS device,” according to a company statement.
Although the malware search for track data, Chipotle maintains that customers are not affected. However, they are advised to check their credit card and bank statement if they visited a restaurant on the list during the hack timeframe.
Malware, or computer virus, is software used by hackers to cause damage to, steal from or deny access to a system. Malware is commonly spread through emails that convince the reader to click on a link or give up personal information. Investigators did not reveal how the malware get into the point-of-sale systems or how it spread to so many of them.
One of the latest malware cyber-attacks was the global WannaCry ransomware attack. That computer virus affected personal computers and spread through email. WannaCry denied access to computers until a ransom was paid in Bitcoin.
The cyber-attack is yet another woe for embattled Chipotle. In 2016, the restaurant chain shut down nationwide due to unsanitary conditions. Several locations were contaminated with the norovirus which sickened customers.
Michelle writes about cyber security, data privacy focusing on social media privacy as well as how to protect your IoT devices. She has worked in internet technology for over 20 years and owns METRONY, LLC. Michelle earned a B.S. in Engineering from Rensselaer Polytechnic Institute. Michelle published a guide to Cyber Security for Business Travelers