A recent Chipotle Mexican Grill security breach has potentially resulted in customers’ credit card details being accessed by unauthorized individuals.
A statement released by the fast casual restaurant chain confirms that unauthorized individuals gained access to its network hosting its payment processing system. The initial findings of its investigation suggest access was first gained on March 24, 2017. Customers who visited its restaurants between March 24 and April 18, have potentially been affected. The investigation into the Chipotle Mexican Grill security breach is continuing to determine how many of the chain’s 2,000+ restaurants have been affected.
Few details about the Chipotle Mexican Grill security breach have been released as the investigation is ongoing, although the threat is now believed to have been blocked.
Chipotle Mexican Grill called in external cybersecurity experts to investigate a potential breach after unusual activity was detected on the network hosting its payment processing system. Law enforcement was alerted, as was its payment processor. Additional security protections have already been installed to bolster cybersecurity defenses in response to the suspected attack. Efforts are continuing to confirm the exact dates of the attack and the restaurants that have been affected.
The Chipotle Mexican Grill security breach is one of many incidents reported by restaurant chains this year. Restaurants are being targeted by cybercriminals due to the high number of credit cards that are processed. If attackers can gain access to restaurant payment processing systems, many thousands of credit card numbers can be stolen.
There are many methods used by cybercriminals to gain a foothold in a network and gain access to payment processing systems.
Typically attacks occur as a result of an employee opening an infected email attachment or visiting a hyperlink in an email that allows malware to be downloaded. Phishing emails are also sent, which aim to get employees to reveal their login credentials. Restaurants can improve their resilience against email-borne attacks by implementing an advanced spam filtering solution.
Web-borne attacks are also common. A recent report from Symantec shows web-based attacks have increased in the past year.
If an employee can be convinced to visit a malicious website, or is directed to such a site via a malvertising campaign, malware can be silently downloaded. Exploit kits on malicious websites probe for vulnerabilities in browsers and exploit those vulnerabilities to download malware.
Web-borne attacks can be prevented by ensuring that patches are applied promptly and all vulnerabilities are plugged. However, the number of patches now being released makes it difficult for restaurants to keep up. New zero day vulnerabilities are also constantly being discovered and added to exploit kits.
Many restaurants are improving their defenses against web-based attacks by implementing a web filtering solution. A web filter can be used to carefully control the websites that can be accessed on restaurant computers.
Web filters block all known malicious websites using black lists. As soon as a website is discovered to be hosting an exploit kit, malware, or used for phishing, it is added to blacklists and the site is blocked by the web filter.
A web filter is also an excellent phishing defense. If an employee clicks on a phishing hyperlink in an email, the web filter can block the URL and prevent the user from visiting the site.
There are other important advantages to implementing a web filtering solution for restaurants. The solution can be used to carefully control the websites that customers can access. Restaurants can therefore ensure that customers do not access malicious sites or inappropriate website content such as pornography. Consumers are increasingly seeking restaurants that offer free Wi-Fi, but also those that implement controls to secure their Wi-Fi networks.
If you would like to improve your resilience against cyberattacks and offer your customers secure and safe Internet access, contact the TitanHQ team today and find out more about your options.