If you visited Chipotle Mexican Grill between 24 March 2017 and 18 April 2017 and paid with a credit card, you should immediately get a statement and check it for fraudulent activity on your card. Chipotle recently announced that it has fallen prey to a cyberattack and that hackers stole credit card information at Chipotle restaurants across the United States between 24 March and 18 April 2017. The company started investigating the possibility of a breach, possibly at the PoS (Point-of-Sale), and has now confirmed that the data was compromised by PoS malware between these dates.
It further confirmed that, other than card number, cardholder name, expiration date and verification code, no other information was compromised. Since only selected outlets were affected during this time, Chipotle Mexican Grill, Inc. has created a tool that allows customers to check at which location and restaurant the breach happened. The company has listed 15 locations in Austin, where the breach must have happened.
How did this happen?
The PoS malware would pull data off the credit cards' magnetic stripe as it was routed through the PoS at the physical locations. The company has not yet confirmed whether customer information is affected. It seems that the PoS at a few of the outlets was compromised during the initial weeks, and that the infection later spiraled and spread to the other machines within a month. Though the malware has now been removed, the company says it has no idea how its systems got infected.
PoS security has been a cause for concern since 2013, when the retailer Target was attacked. Since that incident, PoS security has come under increased scrutiny, most of it aimed at finding the root cause of the malware strikes.
Though the Target breach should have been an eye-opener, unfortunately not many tried to secure their systems, and after a few days another prominent retailer, Home Depot, fell victim to malware, the Backoff malware, which went on to infect 600 businesses.
All this proves one vital point: hotels, restaurants and retail businesses should be extra cautious and be compliant with PCI-DSS (Payment Card Industry Data Security Standard). PCI-DSS is a set of industry best practices that enables clients to keep customer data and payments secure.
How to protect yourself?
It is advisable to remain vigilant for incidents of identity theft or fraudulent activity. Review your bank statement or credit card statement for any unauthorized transactions. If you see a discrepancy, call your bank's toll-free number to cross-check it.
If you have reason to believe that your personal information has been misused, you should immediately contact the agencies and apprise them of the situation. You can obtain information from law enforcement authorities and freeze your account or credit card.