Slashdot Mirror

← Back to Stories (view on slashdot.org)

Chipotle Says 'Most' of Its Restaurants Were Infected With Credit Card Stealing Malware (theverge.com)

Posted by BeauHD on from the exe.coli dept.

Earlier this year, Chipotle announced that the their payment processing system was hacked. Today, the company has released more information about the hack, identifying the malware that was responsible and releasing a new tool to help customers check whether the restaurant they visited was involved. The company did not say how many restaurants were affected, but it did tell The Verge that "most" locations nationwide may have been involved. The Verge reports: "The malware searched for track data (which sometimes has cardholder name in addition to card number, expiration date, and internal verification code) read from the magnetic stripe of a payment card as it was being routed through the POS device," Chipotle said in a statement. "There is no indication that other customer information was affected." We browsed through the tool and found that every state Chipotle operates in had restaurants that were breached, including most major cities. The restaurants were vulnerable in various time frames between March 24th and April 18th, 2017. Chipotle also operates another chain called Pizzeria Locale, which was affected by the hack as well. (The list of identified restaurants can be found here, which includes locations in Kansas, Missouri, Colorado, and Ohio.) Chipotle noted that not all locations have been identified, but it's a starting guide to check whether your visit lines up with the breached period.

15 of 115 comments (clear)

  1. Well by Plumpaquatsch · · Score: 4, Funny

    At least their food wasn't infected,

    --
    Of course news about a fake are Fake News.
    1. Re:Well by JonBoy47 · · Score: 3, Interesting

      Given the issues Chipotle has had in recent months with regard to food safety, this is actually not unlikely!

  2. Chipoltaway by s1d3track3D · · Score: 2

    You're going to need your credit card when you go buy more underwear after eating Chipotle. (south park)

  3. Good thing I can't stand Chipotle. by Chas · · Score: 4, Funny

    I can avoid diarrhea AND credit card fraud!

    --


    Chas - The one, the only.
    THANK GOD!!!
    1. Re:Good thing I can't stand Chipotle. by ChromeAeonium · · Score: 3, Insightful

      I don't eat there because of their anti-GMO marketing. If you're going to use science denialism as a marketing tool and cater to a dangerous hysteria that makes the world a worse place, then meh, I'll go somewhere else.

    2. Re: Good thing I can't stand Chipotle. by ChromeAeonium · · Score: 5, Insightful

      This post is the exact type of misinformation I'm taking about. GE crops aren't made to be 'drenched in' Round-Up, they're designed to tolerate it so it can be used in place of other weed control methods, which typically include a series of much worse herbicides.

      Yes, there were potatoes that were engineered to produce a type of insecticide, They were called NewLeaf, and are no longer on the market. But you know what, all potatoes produce their own insecticides, notably solanine. If you want potatoes with no insecticides, you beter not eat any plants, because chemical defenses are how they evolved to cope with pests. Don't like that being altered? What do you think happens when we breed a new pest resistant variety without genetic engineering?

      As for cross pollination, all plants do that. Reproduction is what life has been fine tuned to do since day one. If you are going to hold GE crops to an unreasonable double standard, then of course they're going to fail. But I could apply that same argument to non-GE crops. Crops with different traits will cross pollinate and result in different progeny, which can cause issues in some instances. Arbitrarily declaring one thing be grown in greenhouses while giving everything else a free pass makes no sense.

      Your post shows exactly why I hate anti-GMO marketing so much. It preys on an ignorance of modern agricultural methods, genetics, and basic botany, all while fostering opposition to a technology that society should be embracing.

    3. Re: Good thing I can't stand Chipotle. by Chas · · Score: 2

      Uh no. You're conflating two arguments.

      GMO itself is a good thing for the planet.
      It allows us to unlock more potential in our foods. More hardy, faster growing, more productive, more nutritious, more resistant to pests and herbicides.

      I will agree with you that the licensing structure is fairly evil and counterproductive. But these companies DO deserve to be renumerated for the costs involved in developing these crops and their growing ecosystem.

      I could understand you wanting to ban because you thought the crops unhealthy.
      But banning the crops because you dislike their licensing model? That's just brain-damaged.

      --


      Chas - The one, the only.
      THANK GOD!!!
  4. Re: Pay Cash, Don't Care by Anonymous Coward · · Score: 3, Funny

    A puff of the vape and a tip of the fedora to you, Sir Edgy!

  5. Chip vs. Strip? by AdamThor · · Score: 3, Interesting

    Is Chipotle on the chip, or are their readers still strip based? My cards have chips these days, but I usually don't watch to see who uses which scan technology. Chip tech is supposed to combat this sort of thing, isn't it?

    How'd that work out?

    --
    -- "Oh. This guy again."
    1. Re:Chip vs. Strip? by dustman81 · · Score: 5, Informative

      Chipotle has stated that they absolutely refuse to use the EMV chip, and only will do swipe, citing speed over security. https://www.scmagazine.com/chi...

    2. Re:Chip vs. Strip? by robertchin · · Score: 4, Informative

      100% of them since Chipotle in 2015 announced that they were not upgrading their POS systems to use EMV since they claimed that magnetic swipe is faster and would speed up their lines.

    3. Re:Chip vs. Strip? by sphealey · · Score: 3, Insightful

      = = = has stated that they absolutely refuse to use the EMV chip, and only will do swipe, citing speed over security = = =

      I'm surprised that more high-volume retail locations haven't done the same: the chip is painfully slow compared to the swipe strip, and if you are processing 100s per hour it can really put a crimp in customer flow.

  6. And this is why I carry cash by BLToday · · Score: 2

    My wife complains that I'm always carrying cash so my wallet is always bulky and I'm missing out on credit card rewards.

  7. Re:Kudos for honesty! by TWX · · Score: 2

    If they're doing the right thing, I should receive notice from my financial institution that Chipotle contacted them and paid for the cost to issue me new plastic.

    --
    Do not look into laser with remaining eye.
  8. Hence we need Apple Pay and Android Pay by MtViewGuy · · Score: 2

    Chipotle's latest problem is why restaurant and retailers need to offer Android Pay and Apple Pay support.

    Why? Because under Android Pay and Apple Pay, you transact using a specially encrypted code that is not anywhere close to your credit card number. As such, there's no such thing as "skimming for card number," and it's extremely difficult--even if the hacker could intercept the data stream--to use it for credit card fraud.