Fast-food chain Chipotle says hackers infected its point of sale terminals to gain access to card data from stores in 47 states and Washington, DC.
The self-described “Mexican Grill” says that the malware was active earlier this year from March 24 to April 18, when it was detected, triggering the company to issue an alert.
“The malware searched for track data (which sometimes has cardholder name in addition to card number, expiration date, and internal verification code) read from the magnetic stripe of a payment card as it was being routed through the POS device,” Chipotle said in its latest summary of the incident.
“There is no indication that other customer information was affected.”
That last sentence is a bit puzzling, as a fraudster who has payment card numbers, dates, and security codes would have little need for any other info.
Chipotle recommends that anyone who paid with a card at one of the compromised stores keep a close eye on bank statements and consider having an alert placed to their credit file to catch possible fraud.
Yeah right, double speak “there is no indication that other customer information was affected.” Which means, no other customer information EXCEPT the information stolen in the hack! Excuse me while I barf.