Further Details Released About Large Chipotle Data Breach

Media Division | May 29, 2017

A few months back, Chipotle, the large Mexican food chain, had announced that they had suffered a data breach involving customer payment information. At the time, there were not many details released about it as they had not finished the investigation to determine the extent. But, Chipotle has now released more information in regard to the incident and it displays how significant it was.

Details of the Incident

The chain had said that their investigation discovered that a hacker had used malware to purloin customer payment data from most of their 2,250 stores across the United States, as well as some in Canada. The breach had occurred between March 24th and April 18th, though the time that each individual location was affected may have varied. The hackers were able to steal account numbers and internal verification codes by searching for magnetic stripe data. This information can be used to drain a card account, clone the card, or used to purchase items on online sites with lesser security. As mentioned above, the restaurant chain was initially quite tight-lipped in regard to the incident, and was not answering any queries regarding how many locations and how many customers were affected. They had simply announced it and advised those who had purchased items at restaurant locations to watch for suspicious activity with their accounts. Another chain operated by Chipotle called Pizzeria Locale was also affected by the breach.

Chipotle Faces the Consequences

With the numbers now being tallied, it is being mentioned that Chipotle will likely end up having to pay a fine for the incident, due to it being so large. In addition, there has been a civil suit filed against the restaurant chain, which is claiming that damages exceed $5 million. Chipotle is not in the greatest of positions with this incident, being that they had already suffered a data breach several years ago that also resulted in massive losses. It is being said that one of the largest reasons that Chipotle suffered this breach was their lack of using chip card technology. The civil suit claimed that Chipotle had stated that they would not switch to chip cards because of slowing customer lines.

Realistically, Chipotle has handled this breach quite poorly. Not only did they apparently not fortify their security enough to prevent another breach, but the fact that it went on for three weeks without notice displays a severe lack of payment security.

The Importance of Cyber Security Monitoring

One of the most damaging factors of breaches is that many go unnoticed for extended periods of time, like in the above case. When an attacker enters a system and remains there, they can continue to steal data, infect systems, and damage operations. This is why cyber security monitoring has become such a necessity for organizations. Comprehensive monitoring allows IT staff or an analyst to have a consistent awareness of their various systems, networks, and operations. They will receive alerts of any oddities or anomalies, which allows them to immediately investigate. If it turns out to be a threat, it can be rapidly mitigated and expelled, which prevents it from causing extensive amounts of damage. Modern threats can be quite adept at flying under the radar, so those in charge of networks and systems need to be aware of the slightest fluctuations to be able to properly prevent breaches. Massive Alliance’s cyber security monitoring services provide an organization a vital first line of defense and prevention.

Massive's Media Division publishes timely news and insights based on current events, trends, and actionable cross-industry expertise.