Chipotle Reveals Potential Breach in Data Security

Chipotle Reveals Potential Breach in Data Security

Chipotle revealed to its customers that they may fall victim to a potential breach in their payment processing system.

On April 25, Chipotle posted a “Notice of Data Security Incident” on its website that made customers aware detected “unauthorized activity on the network that supports payment processing” for the popular restaurant.

While Chipotle believes they have made actions to stop the problem from reoccurring, they do believe anyone who purchased a meal from them between the dates of March 24 and April 18 could be vulnerable.

After an internal investigation with the help of cyber security firms and law enforcement, Chipotle will be able to provide details of the potential breach. They plan to provide notification to affected customers as soon as possible.

This definitely isn’t the first time a breach like this has happened at popular food chains and even retail stores. In 2016 alone we saw massive breaches of Wendy’s, Target and even the IRS.

Tim Erlin, vice president of IT security and risk strategist for Tripwire says that as long as the black market is interested in compromised credit cards, hackers won’t stop.

“The best advice for companies running point of sale systems is to isolate and lock down the devices as much as possible,” Erlin said. “Point of sale terminals are typically low change environment. Implementing security configurations and closely monitoring for any change can both prevent and detect any potential attacks. These systems should talk to predictable destinations both internally on the network as well as externally on the Internet. Carefully monitoring communications for anomalies can help identify successful attacks.”

  • Approaching the Education Market with Milestone Approaching the Education Market with Milestone

    Milestone’s Laurie Dickson addresses Open Architecture, new equipment and the cost of entry and upgrading VMS systems over time. She also talks about how K-12 and Higher Education campuses differ in regard to surveillance system needs. Schools have certain guidelines they must follow to protect student identities, and Laurie addresses this question as well.

Digital Edition

  • Security Today Magazine - January February 2022

    January / February 2022


    • A Power User
    • The Benefits of Transformation
    • Cloud Storage Training
    • Popular Access Control
    • Where Solar and Security Meet

    View This Issue

  • Environmental Protection
  • Occupational Health & Safety
  • Infrastructure Solutions Group
  • Spaces4Learning
  • Campus Security & Life Safety