News

Actions

Chipotle data breach highlights need for new chip security technology

Posted at 9:31 PM, May 26, 2017
and last updated 2017-05-27 00:58:48-04

DENVER -- Swiping could be the thing of the past. Just ask any cyber security expert, like Chris Rothe with Red Canary, a cyber security company based in Downtown Denver.

"The stripe is old technology. It's a magnetic strip that encodes basically just your credit card number pretty much in plain text."

Chipotle is the latest company making headlines after falling victim to hacking. Malware was installed on the point of sale terminals where employees take your order.

"[If you] swipe your credit card at Chipotle, the malicious software would intercept that information and then send it home to the attackers," said Rothe.

The malware went undetected for three weeks and affected most of Chipotle's 2,200 plus restaurants across the country.

In Denver, 14 Chipotle locations were compromised as well as two Pizzeria Locale restaurants.

"There's an underground economy for your data. So your credit card number, if your attacker is able to steal it, they can go sell it on this black market," said Rothe.

That's why more and more businesses upgrade to EVM or chip readers. The technology encrypts customer's identification data, protecting it from hacking.

It’s something Chipotle reportedly opted out of doing because of worries it would slow down customer lines.

According to card processor Square, that’s also customers' main gripe with the new chip technology, but security was also listed as a top priority.

While there's no real solution, unless all major retailers and restaurants switch to chip readers, cyber security experts say consumers need to be hyper aware and monitor their card statements.

"It's on everybody as individuals who live in our modern connective worlds and on companies to make sure they're protecting their data, paying attention and detecting what people have gotten access to and shut it down,” said Rothe.