This time, Chipotle Mexican Grill was hit not by another E.Coli incident, but by a malware that was intended to the steal credit card details from payment machines in a significant number of restaurants across the US. The malware attack occurred between March 24, 2017 and April 18, 2017 and the company acknowledged that customers who visited the affected restaurants between those days may have had their credit card data compromised. The company said in a statement posted on its website:
The malware searched for track data (which sometimes has cardholder name in addition to card number, expiration date, and internal verification code) read from the magnetic stripe of a payment card as it was being routed through the POS device.
This is not the first time that Chipotle had been targeted by cyber criminals and hackers. In February 2015, the company’s official Twitter account was hacked and hackers posted abusive tweets. The company apologized for the incident.
Yet two years before that, the company admitted it had faked a hack on its Twitter account to promote its 20th year anniversary.
What is it with Chipotle and information security?