A Credit Card Stealing Malware is infecting Chipotle Restaurants

Mexican Grill today announced that it has identified the malware attacks that were responsible for the credit card hack earlier this year. Alongside the news, it also released a new tools to help customers check whether the restaurants they visited was involved. When pressed by The Verge, Chipotle did not disclose the exact number of restaurants affected, but said “most” locations nationwide may have been involved in this attack.

“The malware searched for track data (which sometimes has cardholders name in addition to card numbers, expiration dates, and internal verification codes) read from the magnetic stripe of a payment cards as it was being routed through the POS device,” Chipotle said in a statements. “There is no indication that other customer information was affected.”

We browsed through the tools and found that every state Chipotle operates in had restaurant that were breached, including most major cities. The restaurant was vulnerable in various time frames between March 24th and April 18th, 2017. Chipotle also operates another chain of restaurants called Pizzeria Localea, which was affected by the hack as well. (The list of identified restaurants can be found, which includes locations in Kansas, Missouri, Colorado, and Ohio.)

Chipotle noted that not all location have been identified, but it’s a starting guide to checks whether your visit lines up with the breached period. If so, the company suggest you file a police report, contact the Federal Trade Commissions, or place a fraud alert or security freeze on your bank accounts. The latter may require out-of-pocket charges, which the customer is liable for money. Chipotle isn’t legally required to offer credit protectiosns for affected customer, making it just another one of the many things Chipotle lost its base.

Take your time to comment on this article.

Related posts

NachoVPN Attack Risks Corporate VPN Clients

Sweet Security Introduces Evolutionary Leap in Cloud Detection and Response, Releasing First Unified Detection & Response Platform

Anti-Spam WordPress Plugin Vulnerabilities Risked 200K+ Websites