Breach Brief – Chipotle Hit By Nationwide Data Breach

Published On May 31, 2017 | By Tom Huskerson | Breach Briefs

Chipotle restaurants have been hit by a major nationwide data breach of hits payments systems. The restaurant chain was infected with malware that stole customer payment data from March 24th-April 18th. According to the company hackers have stolen customer payment data from nearly all of its 2,250 restaurants. The stolen data includes account numbers and internal verification codes that could be used to drain customers debit card accounts or clone their credit cards. Chipotle didn’t reveal the details of the attack or affected locations until Friday, May 26th.

The number of restaurants  locations attacked includes many major U.S. cities. Chipotle spokesman Chris Arnold said that “most, but not all restaurants may have been involved.”

Chipotle’s Blog reported,  “During the investigation we removed the malware, and we continue to work with cyber security firms to evaluate ways to enhance our security measures.”

Chipotle, working with an unnamed cyber security firm, reported it had completed it’s investigation. Law enforcement and payment card networks were also involved in the investigation.   Although the company did not give exact numbers it did say that “many” customer’s payment information was compromised.

According to Chipotle’s security alert the point-of-sale (POS) malware attack went on for three weeks. “The malware searched for track data (which sometimes has cardholder name in addition to card number, expiration date, and internal verification code) read from the magnetic stripe of a payment card as it was being routed through the POS device. There is no indication that other customer information was affected.”

For customers of Chipotle the company has set up a tool to search if their local restaurant was hit by the malware. Check the Chipotle security alert.

Customers of Chipotle are warned to closely monitor their credit card and debit accounts for unusual activity.


Like this Article? Share it!

About The Author

Tom Huskerson Bio Born in Richmond Virginia Tom Huskerson is a military veteran who settled in California after his discharge. He attended Santa Barbara City College where he began his writing career as a campus reporter. He worked as an intern news reporter for the Santa Barbara News-Press writing feature stories before moving on to San Francisco. At San Francisco State University Tom studied broadcast communications and began to focus on the Internet. He completed his graduate thesis on Internet advertising. Tom was the first student to ever focus on the Internet as a graduate student at San Francisco State University. After graduation he went to work for Zona Research in California’s Silicone Valley. As a research associate Tom supported senior analyst writing on the latest developments in the Internet industry. During the dot com boom Tom worked for several web businesses as a market researcher and analyst. As a writer and researcher Tom has authored various technical works including a training program for Charles Schwab security. Other projects included professional presentations on workplace violence and hiring security contractors. Tom has returned to focus on writing both fiction and non-fiction works and blogging for a travel website. He has published two books of short stories and completed two novels. Tom is the owner of Scribe of Life Literature and EbonyCandle. Most recently Tom has launched the blog African American Cyber Report. The blog is the result of his desire to inform the African American community of the dangers and benefits of the cyber age. In his blog Tom reports on information security, new and analysis, scams and hoaxes, legal happenings and various topics that arise from the age of information. Tom believes that technology is a necessary tool for black people and they should know what is happening. Tom writes believing that techno speak is for the professional and that valuable information can be communicated using plain language. As a result he has embraced the motto, Less Tech, More Knowledge.

Leave a Reply

Your email address will not be published. Required fields are marked *