Chipotle Malware Attack: A Review of Security Breach and Impact

Verified

Added on 2019/11/25

AI Summary

This report is an article review focusing on a 2017 malware incident affecting Chipotle, a popular American restaurant chain. The attack targeted the restaurant's payment system, specifically point-of-sale terminals, compromising customer debit and credit card information. The malware, active between March 24 and April 18, searched for sensitive data like cardholder names, card numbers, verification codes, and expiry dates. The review emphasizes the importance of updated software and proactive malware detection to minimize data breaches. The report references several sources, including research on cashless payments, patent information, and studies on cybercriminal networks and malware. The incident highlights the vulnerability of payment systems and the need for robust security measures to protect customer data. The review stresses the potential impact on cardholders and the necessity for continuous security updates.

Running head: ARTICLE REVIEW
ARTICLE REVIEW
Name of the Student
Name of the University
Author Note

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

2ARTICLE REVIEW
In the year 2017, an American restaurant named Chipotle was affected of a malware
activity which hacked the payment site of the restaurant (Klein, 2017). The individual user
who accessed the online portal of the restoration or used their debit and credit card in order to
purchase food where the major victim of the attack. A confirmation was achieved that the
malware which affected by the payment system was mainly installed at the point- of- sale
terminal. A point- of- sale is referred to an electronic device which is used to process a
payment with the help of a credit or debit card. The terminal is used to read the information
which are related to the customers debit and credit card, check whether the fund which is
required for the transaction is sufficient or not, task related to transfer of fund from the user’s
terminal to the seller’s account (Turnbull, 2017).
The attack was initiated between the time period of March 24 and April 18. The
activity which was initiated with the malware was that it searched for the tracking of data
which can sometimes include the card holders name with it card number, internal code of
verification and expiry date. These information was read from the payment card magnetic
stripe while it would be routed with the POS device (Khanna, 2017). The effect of the attack
was the malware would directly get all the information regarding the customer and these
information can be termed as very much critical information. This information are used by
the hackers for their own benefits leaving the card holders position at a risk. In order to
protect an individual payment site, the software involved in the technology should be updated
and should always be in an updated form. The checking of if any malware activity is being
proposed into the system should be checked. If any activity is detected precautions measures
should be activated immediately so that the breach of data can be minimized (Leukfeldt,
Kleemans & Stol , 2016).
Malware is mainly ab abbreviated term which means malicious software. The
software is designed mainly to gain the overall access or damage a computer system without

3ARTICLE REVIEW
the user of the computer not knowing its existence (Klein, 2017). There are various forms of
malware activity which may include key loggers, true viruses, spyware or any sort of code
which can be termed as malicious that infiltrates a computer system. A software is generally
considered as malicious based on the creator’s intention rather than its actual features.
The range of the attack was only effected in the United States, as informed or stated
by the Chipotle’s Security that the majority of the stores were affected by the activity of the
malware (Leukfeldt, Kleemans & Stol, 2016). The main point that can be issued from the
aspect is that customer information was not breached so much or was impacted by the
activity but there was no such estimation on the number of people who were affected by the
incident.

4ARTICLE REVIEW
References
Khanna, J. (2017). Cashless Payment: A Behaviourial Change To Economic Growth.
International Journal Of Scientific Research And Education, 5(07).
Klein, A. (2017). U.S. Patent No. 9,723,014. Washington, DC: U.S. Patent and Trademark
Office.
Leukfeldt, E. R., Kleemans, E. R., & Stol, W. P. (2016). Cybercriminal networks, social ties
and online forums: social ties versus digital ties within phishing and malware
networks. British Journal of Criminology, 57(3), 704-722.
Turnbull, D. W. (2017). U.S. Patent No. 9,692,782. Washington, DC: U.S. Patent and
Trademark Office.