Chipotle Reveals Potential Breach in Data Security
Chipotle revealed to its customers that they may fall victim to a potential breach in their payment processing system.
On April 25, Chipotle posted a “Notice of Data Security Incident” on its website that made customers aware detected “unauthorized activity on the network that supports payment processing” for the popular restaurant.
While Chipotle believes they have made actions to stop the problem from reoccurring, they do believe anyone who purchased a meal from them between the dates of March 24 and April 18 could be vulnerable.
After an internal investigation with the help of cyber security firms and law enforcement, Chipotle will be able to provide details of the potential breach. They plan to provide notification to affected customers as soon as possible.
This definitely isn’t the first time a breach like this has happened at popular food chains and even retail stores. In 2016 alone we saw massive breaches of Wendy’s, Target and even the IRS.
Tim Erlin, vice president of IT security and risk strategist for Tripwire says that as long as the black market is interested in compromised credit cards, hackers won’t stop.
“The best advice for companies running point of sale systems is to isolate and lock down the devices as much as possible,” Erlin said. “Point of sale terminals are typically low change environment. Implementing security configurations and closely monitoring for any change can both prevent and detect any potential attacks. These systems should talk to predictable destinations both internally on the network as well as externally on the Internet. Carefully monitoring communications for anomalies can help identify successful attacks.”