Chipotle’s Marketing Service Breached, What You Need To Know

If you signed up to receive emails from Chipotle Mexican Grill, you may have gotten more than just coupons in your inbox.

Last month, the fast food chain’s marketing service was breached. This led to customers receiving phishing emails and other dubious links that, when clicked, aimed to steal personal information. The cybersecurity attack occurred through Chipotle’s email vendor, Mailgun. Hackers were able to send out emails through the service in order to trick those who opted into the company’s database.

According to an INKY report, two vishing attacks, 14 cyber attacks impersonating USAA bank, and 105 emails redirecting to fake sites were sent from July 13th to July 16th. The hacking of Chipotle’s marketing service is similar to another attack that occurred in May. The May attack has been linked to Nobelium, a threat actor that was credited with the SolarWinds attack on the United States government earlier this year. Inky believes this current attack appears to be a case of copying, and not another Nobelium related case.

The Mexican restaurant chain also suffered a security breach back in 2017, where payment card information was stolen using malware. It affected the majority of restaurants under the chain, around 2,250 at the time. The information stolen included names, CC numbers, security codes as well as card expiration dates. The malware was removed from their computer systems after an investigation.

If you find out your sensitive information has been compromised in a data breach, you should first change any passwords or credentials associated with a hacked account. You can then alert the necessary authorities, such as the Federal Trade Commission (FTC) by reporting fraudulent activity here. You should also make sure to review your credit report and credit card statements for any suspicious activity. Freezing or locking your credit reports is also an option.