According to Yahoo Finance and MarketWatch, hackers used malware to steal customer payment data from Chipotle’s POS terminals. The hack affected roughly 2,250 of Chipotle Mexican Grill Inc’s restaurants over a span of three weeks. The now-completed probe involved leading cyber security firms, law enforcement, and payment card networks, the company said.
“The investigation identified the operation of malware designed to access payment card data from cards used on point-of-sale (POS) devices between March 24, 2017, and April 18, 2017.” Chipotle said it did not know how many payment cards or customers were affected by the breach. Stolen data included account numbers and internal verification codes.
Trust Guard provides POS Terminal scanning services to help protect companies from malware.
If the scanning service finds vulnerabilities, Trust Guard sends a report to the business owner explaining what is wrong and how to repair the security hole. This service from the leader in website security keeps companies safe from POS terminal malware.
Chipotle did not use Trust Guard’s security scanning services to protect its POS terminals from malware. As evident in the Chipotle hack, if your card terminals are not being scanned, they are a target for hackers. Unscanned POS terminals can become a statistic, like Chipotle’s restaurants and all of the Target® stores across the nation between November 28 and December 15, 2013. According to Today.com, the massive security breach at Target let hackers steal data from 40 million credit and debit cards.
An investigation into the Chipotle breach found the malware searched for track data from the magnetic stripe of payment cards. Chipotle could not alert customers directly. That’s because it did not collect their names and mailing addresses at the time of purchase. The information obtained by hackers could be used to drain bank accounts, make “clone” credit cards, or to buy things on certain less-secure online sites, said Paul Stephens, director of policy and advocacy at the nonprofit Privacy Rights Clearinghouse.
Chipotle posted a notification on its website and issued a press release to make customers aware of the incident.
You can access more information from a link located on their front page (Chipotle.com). Chipotle said any unauthorized charges should be reported to credit card issuers. That’s because cardholders generally aren’t responsible for such charges if they are reported in a timely manner.
Chipotle said the malware looked for track data, which sometimes has cardholder names, card numbers, expiration dates and internal verification codes. Track data was read from the magnetic stripe of the payment card as it was routed through its system. “There is no other indication that other customer information was affected,” the company said.
The restaurant chain said that not all locations were involved, but that any customers who used a payment card at all during the so-called at-risk time frame “should remain vigilant to the possibility of fraud by reviewing their payment statements for any unauthorized activity,” it said in the statement.
As part of the probe, Chipotle said it removed the malware. It will continue to work with cyber security firms to figure out ways to boost security and will keep working with payment-card networks. Chipotle was not using Trust Guard’s POS Terminal Scanning Service when it got hacked.
How can PCI Security Scans protect my POS Terminal and my Company?
When Trust Guard runs a PCI-compliant scan on your POS terminal, it checks for thousands of vulnerabilities. It scans your web applications and networks remotely and non-intrusively based on the IP address you provide. The scans look for threats to the operating system, services, and utilities used for financial or other sensitive transactions.
The scan is performed with an advanced scanning engine that generates a detailed report listing any server and network vulnerabilities. Then you can quickly resolve any security risks to maintain and protect your system from hackers and malware.