June 7, 2017
Chipotle Hack Has Customers Concerned
Chipotle is in the news again, and, once again, the headlines will lead to a public relations problem for the company. According to multiple media outlets, many different Chipotle locations fell victim to a hacking attack that allowed the perpetrators to gain access to credit card information of customers.
While the company quietly made the announcement this past April, news reports began to filter online, mostly through social media, in the past few weeks. Part of the revelations included the list of compromised locations, including quite a few in the United States. When asked to confirm locations, Chipotle spokesmen told the media “most, but not all restaurants may have been involved…”
Now, that could be a nice bit of noncommittal turning of a phrase, or it could be that officials at the restaurant chain really are still unsure how many locations were impacted. One thing that is certain is that law enforcement is still investigating the breach, so it’s possible there will be more information incoming.
So, going forward, it’s possible that Chipotle is going to be in the news regarding this incident multiple times. If that turns out to be the case, it’s important for their PR team can offer a positive, progress-oriented statement along with each negative or embarrassing admission. So far, this is what they had to say:
“During the investigation, we removed the malware, and we continue to work with cyber security firms to evaluate ways to enhance our security measures…”
And it also has the potential to cause some customers to go back to cash. The malware used in the attack worked by going after the information stored on magnetic chips on credit or debit cards. So, instead of just hacking the storage, it actually worked like a skimming device by taking information directly off a customer’s card.
This means the bad guys could have customers’ names, card numbers, and other private information, giving them nearly total access to make purchases online without triggering any notice from the actual card owners until it’s too late. That means anyone who ate at the restaurant and paid with plastic in March and April needs to keep a very close eye on their bank accounts going forward.
Sometimes, skimmers and hackers will grab information and not even try to use it for months. Then, they try small amounts, hoping people don’t really notice single-digit debits. If that works, they might try for bigger prizes. Vigilance is the price of convenience in the digital age … and potential hacks are the PR price paid by companies that want to offer that convenience. It’s happened before, and it will happen again. Brands need to have a plan ready.