UPDATED 23:24 EST / APRIL 26 2017

INFRA

Fresh from its E. coli outbreak, Chipotle catches new infection: credit card-stealing malware

Chipotle Mexican Grill Inc. can’t catch a break. Infamous for selling E. coli bacteria-infected food to customers in 2016, the restaurant chain has now caught a new infection in the form of credit card-stealing malware on its retail network.

The company disclosed Wednesday that it had recently detected “unauthorized activity” on the payment-processing network that supports its restaurants. Although somewhat vague on the details, Chipotle said the hack involved credit card transactions at its restaurants from March 24 to April 18.

“We recently detected unauthorized activity on the network that supports payment processing for purchases made in our restaurants,” the company said in a statement. “We immediately began an investigation with the help of leading cyber security firms, law enforcement, and our payment processor. We believe actions we have taken have stopped the unauthorized activity, and we have implemented additional security enhancements.”

According to Marketwatch, Chipotle said it is still unable to estimate the costs related to the issue but expects that any costs associated with the probe will be covered by insurance. The company added that consumers should closely monitor their credit card statements to make sure no one was running up unauthorized charges and that should they detect such a payment, they should immediately notify their back.

Exactly what form the attack took is guesswork at this time, but The Register fairly speculates that it was likely to have taken the form of “classic cash register malware” given the suggestion that credit card details may have been stolen at the point of sale.

Cash register malware has been around since at least 2013 and has since then been used to obtain data from a number of high-profile companies, including Target and Neiman Marcus in 2013 and more recently Arby’s in January. ModPOS, a more recent form of cash register malware discovered in 2015, is said to use key-logging, network monitoring and RAM scraping to hide itself as it acquires the credentials of customers whose details pass through an electronic point-of-sale.

Photo: Aranami/Flickr

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU