The company announced it recently detected unauthorized activity on the network that supports its payment system in restaurants, but believes it has stopped the activity. Furthermore, the investigation is focused on restaurant transactions between March 24 and April 18, 2017, and the company would not provide further details since the investigation is still going on.
A Chipotle representative said the company has notified card networks, which notifies issuing banks, which in turn notifies customers.
Sándor Bálint a security specialist commented on this and added that this incident is a reminder of the fundamental problem about credit card payments, that they are the source of a host of security issues and very difficult and costly to secure. The problem is that a sequence of characters, the card number, is used as an identifier, but this same sequence (when combined with the expiration date and the card security number) is sufficient to make financial transactions on behalf of the cardholder, therefore the known number is also treated as a secret.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now