Most Chipotle restaurants were hacked by credit-card stealing malware


Originally published at:


Chipotle cleans out your lower GI tract and your credit limit all at the same time.
ETA: once again well played with the actual URL text @doctorow


Chipotle screws me over? In what way? I don’t eat there often, but I certainly didn’t feel screwed over. I guess only a corporate tool like myself would look for… evidence?


Can someone explain to me why it’s THAT big a deal for the consumer when credit card info is stolen from the point of sale? I understand the problem for those using debit cards (which is simply insane, AFAIAC), but with a credit card it’s a minor annoyance at most. It’s the credit card companies who are on the hook for the fraud, not the consumer. At worst on the user end, we have to spend a couple of minutes reporting fraudulent charges – I’ve had to do this a few times, and the world hasn’t ended. I’m sure there’s some other dire consequence I’m not seeing, but I can’t tell what it might be.


They can use it to make new accounts in your name, etc. Having a credit freeze can be a royal PITA. Since a lot of places are now doing credit checks for new hires that can be a NOPE to employment as well.


Hmm, interesting. I guess I’ve never seen that kind of daisy-chaining of credit cards in applications. You’d think that the credit card companies would require more info than a current CC number/expiration/security code to start a new account.


They have your name and CC number plus the verification code, which can make it easy to get the rest of the info needed for full identity theft.


I’ve started using cash for my entertainment budget (and I include eating out in that budget). Not only have I found having to stare down cold hard cash makes it harder to justify spending, but I don’t have to worry about stuff like this.

Plus, it makes it a lot simpler to audit my statements when I basically only have trips to the grocery store + bills on the CCs, and a couple atm withdrawals on the debit card.

I’ve actually been considering doing a patreon supported finance blog since so many places rely on credit card referrals to generate income. (I think the traditional wisdom on ZOMG REWARDSSSS! might not hold up if you don’t have to travel for work or have a large family and a car to gas up)


Chipotle can’t seem to catch a break, can they?


Who pass the “savings” on to the retailers with higher transaction fees who then have to charge higher prices if they want to allow their business to accept credit cards, which means you end up paying for it anyway.


Honestly, if you are still using a magnetic stripe card instead of a chip program, you either need to get with the program, or find a bank that is with the program.

Using an MSR card is akin to running unpatched Windows XP. Sure, Chip+PIN, or even CHIP+Signature for our cousins in the States, is a tad more inconvenient, but at least the bad guys can only steal one card at a time (he says, ignoring ‘card not present’ fraud).


Alas, the world we live in one where the banks sign you up for fake accounts without telling you all by themselves. They’ve cut out the criminal in the middle.


I’ve only eaten at Chipotle a few times. I rather enjoyed it.


Hackers rush in where health inspectors fear to tread.


It may surprise you, but a lot of people have debit cards. Personally, I have two (on separate accounts) so that when I have to freeze one, I can use the other until the frozen one gets straightened out and replaced. But aside from the hassle, having money/credit unavailable when you need it, and identity theft potential, there’s a chance that it might go unnoticed for awhile for people who don’t scrutinize their statements daily.

As a sidenote regarding identity theft, some places use ‘last four digits of credit card #’ as identifying information, which hackers have used to get access to one account in order to get access to breach another account which can lead to total identity theft.

Yeah, all those ‘miles’ and ‘points’ and such are pretty pointless to a lot of people. Reminds me of the old green stamps or those coupons that came with a pack of cigarettes - collect 5,000 and you get a hat or a mug with their company’s logo on it. Yay? Might be more useful if instead of that they had rewards like days of free rent, discounts on utility bills, or savings bonds.


I’ve only eaten at one recently, because it’s next to my office. It’s one of the ones that was hacked. I honestly can’t remember if I ate there when it was hacked though.


It’s far safer to have a credit card on autopay from your bank every month, which is effectively the same thing as debit but you’re not begging for your money back in the event of fraud. You just need the financial discipline to treat it like a debit not a credit. I never use debit cards.


This topic was automatically closed after 5 days. New replies are no longer allowed.