Chipotle: Difference between revisions

Line 14:

===2004 Data Breach===

~~{{Placeholder box|PLACEHOLDER TIME!!!!! }}~~

Around 2004, Hackers gained access to Chipotle payment systems, stealing customers data labelled as "Track 2" that contained customers name, card number, card expiration date, and card verification number. Chipotle found out about the attack in August after their merchant bank informed the company of the attack. Although specific details aren't publicized, through fillings with the Securities Exchange Commission:, the company lost an estimate $4.3 million in revenue starting 2004 through 2006.<ref name=":1" />

===Misleading Advertisement regarding contents of Calories in products (2016)===

Line 23:

===2017 Data Breach===

Between March 24 to April 18, hackers were able to infiltrate Chipotle [[wikipedia:Point_of_sale|point of sale systems]] through a malware attack, affecting over 2,250 locations globally and resulting in some customers name, card number, expiration date, and verification code information being stolen. On April 25, Chipotle disclosed and started an investigation into the incident. Additionally The company claimed no other information was collected.<ref>{{Cite web |date=26 May 2017 |title=CHIPOTLE MEXICAN GRILL REPORTS FINDINGS FROM INVESTIGATION OF PAYMENT CARD SECURITY INCIDENT |url=https://www.oag.ca.gov/system/files/Chipotle%20-%20Substitute%20Notice%20and%20Press%20Release_0.pdf |url-status=live |access-date=13 March 2026 |website=Chipotle — Security Inciden}}</ref> <blockquote>“During the investigation we removed the malware, and we continue to work with cyber security firms to evaluate ways to enhance our security measures,” the company says. “In addition, we continue to support law enforcement”s investigation and are working with the payment card networks so that the banks that issue payment cards can be made aware and initiate heightened monitoring.”<ref>{{Cite web |last=TRUȚĂ |first=Filip |date=30 May 2017 |title=Chipotle customers told to 'remain vigilant' as POS hack probe reveals most restaurants affected |url=https://www.bitdefender.com/en-us/blog/hotforsecurity/chipotle-customers-told-to-remain-vigilant-as-pos-hack-probe-reveals-most-restaurants-affected |url-status=live |access-date=13 March 2026 |website=Bitdefender}}</ref></blockquote>This resulted in a lawsuit being filed against Chipotle on May 4 for failure to conduct adequate security measures and prevent future breaches.<ref>{{Cite web |last=Rizzi |first=Corrado |date=4 May 2017 |title=Guac Is Extra: Financial Outlet Sues Chipotle Over March '17 Data Breach |url=https://www.classaction.org/news/guac-is-extra-financial-outlet-sues-chipotle-over-march-17-data-breach |url-status=live |access-date=13 March 2026 |website=ClassAction}}</ref> A settlement was reached in 2019, compensating customers affected between March 24 and April 18 $250 or $10000.<ref>{{Cite web |date=23 July 2019 |title=Chipotle Data Breach Class Action Settlement |url=https://topclassactions.com/lawsuit-settlements/closed-settlements/chipotle-data-breach-class-action-settlement/ |url-status=live |access-date=14 March 2026 |website=Top Class Action}}</ref>

Between March 24 to April 18, hackers were able to infiltrate Chipotle [[wikipedia:Point_of_sale|point of sale systems]] through a malware attack, affecting over 2,250 locations globally and resulting in some customers name, card number, expiration date, and verification code information being stolen. On April 25, Chipotle disclosed and started an investigation into the incident. Additionally The company claimed no other information was collected.<ref>{{Cite web |date=26 May 2017 |title=CHIPOTLE MEXICAN GRILL REPORTS FINDINGS FROM INVESTIGATION OF PAYMENT CARD SECURITY INCIDENT |url=https://www.oag.ca.gov/system/files/Chipotle%20-%20Substitute%20Notice%20and%20Press%20Release_0.pdf |url-status=live |access-date=13 March 2026 |website=Chipotle — Security Inciden}}</ref> <blockquote>“During the investigation we removed the malware, and we continue to work with cyber security firms to evaluate ways to enhance our security measures,” the company says. “In addition, we continue to support law enforcement”s investigation and are working with the payment card networks so that the banks that issue payment cards can be made aware and initiate heightened monitoring.”<ref>{{Cite web |last=TRUȚĂ |first=Filip |date=30 May 2017 |title=Chipotle customers told to 'remain vigilant' as POS hack probe reveals most restaurants affected |url=https://www.bitdefender.com/en-us/blog/hotforsecurity/chipotle-customers-told-to-remain-vigilant-as-pos-hack-probe-reveals-most-restaurants-affected |url-status=live |access-date=13 March 2026 |website=Bitdefender}}</ref></blockquote>This resulted in a lawsuit being filed against Chipotle on May 4 for failure to conduct adequate security measures and prevent future breaches.<ref name=":1">{{Cite web |last=Rizzi |first=Corrado |date=4 May 2017 |title=Guac Is Extra: Financial Outlet Sues Chipotle Over March '17 Data Breach |url=https://www.classaction.org/news/guac-is-extra-financial-outlet-sues-chipotle-over-march-17-data-breach |url-status=live |access-date=13 March 2026 |website=ClassAction}}</ref> A settlement was reached in 2019, compensating customers affected between March 24 and April 18 $250 or $10000.<ref>{{Cite web |date=23 July 2019 |title=Chipotle Data Breach Class Action Settlement |url=https://topclassactions.com/lawsuit-settlements/closed-settlements/chipotle-data-breach-class-action-settlement/ |url-status=live |access-date=14 March 2026 |website=Top Class Action}}</ref>

===2019 Data Breach===

@@ Line 14: / Line 14: @@
 ===2004 Data Breach===
-{{Placeholder box|PLACEHOLDER TIME!!!!! }}
+Around 2004, Hackers gained access to Chipotle payment systems, stealing customers data labelled as "Track 2" that contained customers name, card number, card expiration date, and card verification number. Chipotle found out about the attack in August after their merchant bank informed the company of the attack. Although specific details aren't publicized, through fillings with the Securities Exchange Commission:, the company lost an estimate $4.3 million in revenue starting 2004 through 2006.<ref name=":1" />
 ===Misleading Advertisement regarding contents of Calories in products (2016)===
@@ Line 23: / Line 23: @@
 ===2017 Data Breach===
-Between March 24 to April 18, hackers were able to infiltrate Chipotle [[wikipedia:Point_of_sale|point of sale systems]] through a malware attack, affecting over 2,250 locations globally and resulting in some customers name, card number, expiration date, and verification code information being stolen. On April 25, Chipotle disclosed and started an investigation into the incident. Additionally The company claimed no other information was collected.<ref>{{Cite web |date=26 May 2017 |title=CHIPOTLE MEXICAN GRILL REPORTS FINDINGS FROM INVESTIGATION OF PAYMENT CARD SECURITY INCIDENT |url=https://www.oag.ca.gov/system/files/Chipotle%20-%20Substitute%20Notice%20and%20Press%20Release_0.pdf |url-status=live |access-date=13 March 2026 |website=Chipotle — Security Inciden}}</ref> <blockquote>“During the investigation we removed the malware, and we continue to work with cyber security firms to evaluate ways to enhance our security measures,” the company says. “In addition, we continue to support law enforcement”s investigation and are working with the payment card networks so that the banks that issue payment cards can be made aware and initiate heightened monitoring.”<ref>{{Cite web |last=TRUȚĂ |first=Filip |date=30 May 2017 |title=Chipotle customers told to 'remain vigilant' as POS hack probe reveals most restaurants affected |url=https://www.bitdefender.com/en-us/blog/hotforsecurity/chipotle-customers-told-to-remain-vigilant-as-pos-hack-probe-reveals-most-restaurants-affected |url-status=live |access-date=13 March 2026 |website=Bitdefender}}</ref></blockquote>This resulted in a lawsuit being filed against Chipotle on May 4 for failure to conduct adequate security measures and prevent future breaches.<ref>{{Cite web |last=Rizzi |first=Corrado |date=4 May 2017 |title=Guac Is Extra: Financial Outlet Sues Chipotle Over March '17 Data Breach |url=https://www.classaction.org/news/guac-is-extra-financial-outlet-sues-chipotle-over-march-17-data-breach |url-status=live |access-date=13 March 2026 |website=ClassAction}}</ref> A settlement was reached in 2019, compensating customers affected between March 24 and April 18 $250 or $10000.<ref>{{Cite web |date=23 July 2019 |title=Chipotle Data Breach Class Action Settlement |url=https://topclassactions.com/lawsuit-settlements/closed-settlements/chipotle-data-breach-class-action-settlement/ |url-status=live |access-date=14 March 2026 |website=Top Class Action}}</ref>
+Between March 24 to April 18, hackers were able to infiltrate Chipotle [[wikipedia:Point_of_sale|point of sale systems]] through a malware attack, affecting over 2,250 locations globally and resulting in some customers name, card number, expiration date, and verification code information being stolen. On April 25, Chipotle disclosed and started an investigation into the incident. Additionally The company claimed no other information was collected.<ref>{{Cite web |date=26 May 2017 |title=CHIPOTLE MEXICAN GRILL REPORTS FINDINGS FROM INVESTIGATION OF PAYMENT CARD SECURITY INCIDENT |url=https://www.oag.ca.gov/system/files/Chipotle%20-%20Substitute%20Notice%20and%20Press%20Release_0.pdf |url-status=live |access-date=13 March 2026 |website=Chipotle — Security Inciden}}</ref> <blockquote>“During the investigation we removed the malware, and we continue to work with cyber security firms to evaluate ways to enhance our security measures,” the company says. “In addition, we continue to support law enforcement”s investigation and are working with the payment card networks so that the banks that issue payment cards can be made aware and initiate heightened monitoring.”<ref>{{Cite web |last=TRUȚĂ |first=Filip |date=30 May 2017 |title=Chipotle customers told to 'remain vigilant' as POS hack probe reveals most restaurants affected |url=https://www.bitdefender.com/en-us/blog/hotforsecurity/chipotle-customers-told-to-remain-vigilant-as-pos-hack-probe-reveals-most-restaurants-affected |url-status=live |access-date=13 March 2026 |website=Bitdefender}}</ref></blockquote>This resulted in a lawsuit being filed against Chipotle on May 4 for failure to conduct adequate security measures and prevent future breaches.<ref name=":1">{{Cite web |last=Rizzi |first=Corrado |date=4 May 2017 |title=Guac Is Extra: Financial Outlet Sues Chipotle Over March '17 Data Breach |url=https://www.classaction.org/news/guac-is-extra-financial-outlet-sues-chipotle-over-march-17-data-breach |url-status=live |access-date=13 March 2026 |website=ClassAction}}</ref> A settlement was reached in 2019, compensating customers affected between March 24 and April 18 $250 or $10000.<ref>{{Cite web |date=23 July 2019 |title=Chipotle Data Breach Class Action Settlement |url=https://topclassactions.com/lawsuit-settlements/closed-settlements/chipotle-data-breach-class-action-settlement/ |url-status=live |access-date=14 March 2026 |website=Top Class Action}}</ref>
 ===2019 Data Breach===