Skip to main content

Chipotle Joins Shoney's, Arby's as Latest Security Breach Victim

On April 25, Chipotle Mexican Grill posted on its website a "Notice of Data Security Incident." In that notice, the restaurant chain revealed that it recently detected unauthorized activity on the network that supports payment processing for purchases made in its restaurants. It said it immediately began an investigation with the help of cyber security firms, law enforcement, and its payment processor.
Chipotle said it believes the actions it has already taken have stopped the unauthorized activity, and it has implemented additional security enhancements. Its investigation is focused on card transactions in its restaurants that occurred from March 24 through April 18. The restaurant chain said it will provide more details as they become available during the course of their investigation.
Chipotle joins Shoney's and Arby's as one more restaurant chain making headlines recently for a data security breach. Why though, does the hospitality industry in particular, seem to be targeted so often?
According to Netsurion, a provider of managed security services for multi-location businesses, and EventTracker, a SIEM provider, hackers often target restaurants due to the abundance of poorly secured systems. Once they find a vulnerability and get into the network, they go after the POS systems. Due to the POS doing the simple job of processing transactions, the typical alarm bells of a desktop computer hack would not be seen by a user, for example, ransomware messages, degraded performance, etc.
Sometimes malware discreetly slips by antivirus programs and then stealthily extracts payment data, despite the presence of traditional firewalls. From there, it can nab stolen data slowly, making it look like normal traffic. Weeks or months could go by before it is discovered and by then, who knows how many customer credit cards have been breached?
Some hospitality companies are hit with ransomware. Ransomware prevents restaurateurs from accessing their files and their system until a ransom is paid to get a decryption key of some kind. Ransomware attacks are on the rise.
Additionally, whether it’s an honest mistake or a disgruntled employee, inside threats account for about 50 percent of all security incidents (Verizon Data Breach Investigations Report). It’s nearly impossible to stop this from occurring, but with the right managed security in place, it can be thwarted or caught before real damage is done.
According to Netsurion, breaches like Chipotle’s reiterate that multi-location restaurant security requires a new approach, beyond maintaining PCI compliance and implementing a managed firewall, which are absolute essentials. Unfortunately, many products and service providers simply do not have the ability to stop cybercriminals before they do real damage. 
To achieve a high level of protection, restaurants should consider implementing the following technologies as part of a comprehensive ‘toolbelt’:
  • File integrity monitoring (to tell you when files have changed that weren’t supposed to change)
  • Unified threat management appliances (used to integrate security features such as firewall, gateway antivirus, and intrusion detection)
  • Security information and event management (used to centrally collect, store, and analyze log data and other data from various systems to provide a single point of view from which to be alerted to potential issues)
  • Next-generation endpoint security solutions (used to stop attacks on the endpoint computers and servers before they can wreak havoc on other systems)
This ad will auto-close in 10 seconds