Earlier this year, in April, Chipotle Mexican Grill passed on a message to their customers that they had detected some kind of unauthorized activity. This was detected on a network which was supporting the payment processing for the purchases made in the restaurants. Just recently, the franchise restaurant has announced that the malware responsible for this credit card hack is identified. Not just this, they also announced that they have released a new tool that will help the customers to check if the restaurant outlet they had visited was involved, as reported by The Verge.
Majority of Chipotle Restaurants Affected
Chipotle Mexican Grill has said that it does not know the exact number of customers or payments cards affected due to the date breach. But in an e-mail, a spokesperson, Chris Arnold said that this malware struck almost majority of Chipotle’s 2,250 restaurants; for different periods of time between March 24 - April 18.
The breached data included internal verification codes and account numbers. The biggest danger of this data breach was regarding this stolen data. It could make ‘clone’ credit cards, drain the bank accounts linked with debit cards, or even make purchases through less secure sites, says Paul Stephens. Stephens is the Director of Policy and Advocacy at Privacy Rights Clearinghouse, a non-profit.
Investigation of Malware
The investigation done into the malware revealed that this malware searched for the data through the magnetic strip of customers’ payment cards. Arnold said that Chipotle did not collect the names and e-mail addresses of customers during purchase, so it could not alert them directly. This is why; the company notified the customers through locale websites of Chipotle and Pizzeria.
Chipotle Mexican Grill has noted that all the affected locations are not identified, but this is a starting guide. It will help the consumers in checking if their visit lines up with the period of the data breach. The company has suggested that if it does, the consumer can notify a fraud alert; contact the FTC- Federal Trade Commission; or place a security freeze on the bank account.
Well, the customer is liable for the payment of charges of the necessary process. Legally, Chipotle does not require to offer the affected customers a credit protection. This may make the customers hate the restaurant firstly for data malware. Secondly, for no responsibility of handling the issues of affected customers.