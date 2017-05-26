Chipotle Says 'Most' of Its Restaurants Were Infected With Credit Card Stealing Malware (theverge.com) 30
Earlier this year, Chipotle announced that the their payment processing system was hacked. Today, the company has released more information about the hack, identifying the malware that was responsible and releasing a new tool to help customers check whether the restaurant they visited was involved. The company did not say how many restaurants were affected, but it did tell The Verge that "most" locations nationwide may have been involved. The Verge reports: "The malware searched for track data (which sometimes has cardholder name in addition to card number, expiration date, and internal verification code) read from the magnetic stripe of a payment card as it was being routed through the POS device," Chipotle said in a statement. "There is no indication that other customer information was affected." We browsed through the tool and found that every state Chipotle operates in had restaurants that were breached, including most major cities. The restaurants were vulnerable in various time frames between March 24th and April 18th, 2017. Chipotle also operates another chain called Pizzeria Locale, which was affected by the hack as well. (The list of identified restaurants can be found here, which includes locations in Kansas, Missouri, Colorado, and Ohio.) Chipotle noted that not all locations have been identified, but it's a starting guide to check whether your visit lines up with the breached period.
At least their food wasn't infected
Who knows? Maybe people who ate there and charged it came away the victims of *two* different meanings of the word "virus".
Given the issues Chipotle has had in recent months with regard to food safety, this is actually not unlikely!
A puff of the vape and a tip of the fedora to you, Sir Edgy!
Cash? So I have to go to a bank periodically (once a week?) and wait in line to withdraw paper currency. So your solution is I should have yet another chore in my life.
I can avoid diarrhea AND credit card fraud!
I don't eat there because of their anti-GMO marketing. If you're going to use science denialism as a marketing tool and cater to a dangerous hysteria that makes the world a worse place, then meh, I'll go somewhere else.
Is Chipotle on the chip, or are their readers still strip based? My cards have chips these days, but I usually don't watch to see who uses which scan technology. Chip tech is supposed to combat this sort of thing, isn't it?
How'd that work out?
So the company announcement says that the malware stole data from magnetic strip reads.
"The malware searched for track data (which sometimes has cardholder name in addition to card number, expiration date, and internal verification code) read from the magnetic stripe of a payment card as it was being routed through the POS device."
I didn't see anything specifically state that chip-based interactions were immune. What percentage of payments were strip vs. chip based?
100% of them since Chipotle in 2015 announced that they were not upgrading their POS systems to use EMV since they claimed that magnetic swipe is faster and would speed up their lines.
I wondered if this would be the case. Since chip tech exists, you'd only target malware at people who weren't using it...
I'm surprised that more high-volume retail locations haven't done the same: the chip is painfully slow compared to the swipe strip, and if you are processing 100s per hour it can really put a crimp in customer flow.
Stupidity like this is why card issuers are simply going to have to make EMV mandatory. Same deal with gas stations; yes I realize EMV readers are expensive but it's cost of doing business. Deal with it and upgrade your shit.