INFRA
INFRA
INFRA
Fresh from its E. coli outbreak, Chipotle catches new infection: credit card-stealing malware
Chipotle Mexican Grill Inc. can’t catch a break. Infamous for selling E. coli bacteria-infected food to customers in 2016, the restaurant chain has now caught a new infection in the form of credit card-stealing malware on its retail network.
The company disclosed Wednesday that it had recently detected “unauthorized activity” on the payment-processing network that supports its restaurants. Although somewhat vague on the details, Chipotle said the hack involved credit card transactions at its restaurants from March 24 to April 18.
“We recently detected unauthorized activity on the network that supports payment processing for purchases made in our restaurants,” the company said in a statement. “We immediately began an investigation with the help of leading cyber security firms, law enforcement, and our payment processor. We believe actions we have taken have stopped the unauthorized activity, and we have implemented additional security enhancements.”
According to Marketwatch, Chipotle said it is still unable to estimate the costs related to the issue but expects that any costs associated with the probe will be covered by insurance. The company added that consumers should closely monitor their credit card statements to make sure no one was running up unauthorized charges and that should they detect such a payment, they should immediately notify their back.
Exactly what form the attack took is guesswork at this time, but The Register fairly speculates that it was likely to have taken the form of “classic cash register malware” given the suggestion that credit card details may have been stolen at the point of sale.
Cash register malware has been around since at least 2013 and has since then been used to obtain data from a number of high-profile companies, including Target and Neiman Marcus in 2013 and more recently Arby’s in January. ModPOS, a more recent form of cash register malware discovered in 2015, is said to use key-logging, network monitoring and RAM scraping to hide itself as it acquires the credentials of customers whose details pass through an electronic point-of-sale.
Photo: Aranami/Flickr
A message from John Furrier, co-founder of SiliconANGLE:
Support our mission to keep content open and free by engaging with theCUBE community. Join theCUBE’s Alumni Trust Network, where technology leaders connect, share intelligence and create opportunities.
- 15M+ viewers of theCUBE videos, powering conversations across AI, cloud, cybersecurity and more
- 11.4k+ theCUBE alumni — Connect with more than 11,400 tech and business leaders shaping the future through a unique trusted-based network.
About SiliconANGLE Media
SiliconANGLE Media is a recognized leader in digital media innovation, uniting breakthrough technology, strategic insights and real-time audience engagement. As the parent company of SiliconANGLE, theCUBE Network, theCUBE Research, CUBE365, theCUBE AI and theCUBE SuperStudios — with flagship locations in Silicon Valley and the New York Stock Exchange — SiliconANGLE Media operates at the intersection of media, technology and AI.
Founded by tech visionaries John Furrier and Dave Vellante, SiliconANGLE Media has built a dynamic ecosystem of industry-leading digital media brands that reach 15+ million elite tech professionals. Our new proprietary theCUBE AI Video Cloud is breaking ground in audience interaction, leveraging theCUBEai.com neural network to help technology companies make data-driven decisions and stay at the forefront of industry conversations.
