It seems to be getting more difficult to stay protected from cybercriminals. Even swiping your credit or debit card at a retail location is risky these days. That's because criminals are constantly searching for companies with insufficient security so they can rip us off.
When we use our cards to purchase goods, we expect the company to have a secure point-of-sale system. That's not always the case. We've just learned of a massive data breach at one of the country's most popular chain restaurants and your finances could be at risk.
Has your financial information been stolen?
An investigation was recently completed showing a huge data breach at Chipotle Mexican Grill locations all across the U.S. Criminals were able to install malware on the company's point-of-sale (POS) devices that were used to steal payment card data.
The breach occurred between March 24, 2017 and April 18, 2017. So if you visited a Chipotle during that time-frame, you could be impacted by this breach.
Here is a list of data potentially stolen by the criminals:
- Cardholder name
- Card number
- Card expiration date
- Internal verification code
The time-frame of the breach also varies by location. The company has set up a webpage that will let you search to see if the location you visited was impacted.
Click here to go to that page and then select the state in which you visited the Chipotle from the provided dropbox. The results will show impacted locations along with the time-frame that specific location was affected by the breach.
Chipotle said it's working with security companies and has removed the malware from its POS. Any time a breach like this occurs there are safety steps you need to take. Continue reading to find out what you need to do now.
What you need to do after a data breach
- Keep an eye on your bank accounts - You should already be frequently checking your bank statements, looking for suspicious activity. It's even more critical when credit card data has been exposed through a data breach. If you see anything that seems strange, report it immediately.
- Set up two-factor authentication - Two-factor authentication, also known as two-step verification, means that to log into your account, you need two ways to prove you are who you say you are. It's like the DMV or bank asking for two forms of ID. Click here to learn how to set up two-factor authentication.
- Investigate your email address - Have I Been Pwned is an easy-to-use site with a database of information that hackers and malicious programs have released publicly. It monitors hacker sites and collects new data every five to 10 minutes about the latest hacks and exposures.
- Change your password - Whenever you hear news of a data breach, it's a good idea to change your account passwords. Read this article to help you create hack-proof passwords.
- Close unused accounts - Here's an easy way to manage all of your online accounts at once.
- Beware of phishing scams - Scammers will try and piggyback on data breaches like this. They will create phishing emails, pretending to be from the affected company, hoping to get victims to click on malicious links that could lead to more problems. Take our phishing IQ test to see if you can spot a fake email.
- Manage passwords - Many people use the same username and password on multiple sites. This is a terrible practice and you should never do it. If you're using the same credentials on multiple sites, change them to make them unique. If you have too many accounts to remember, you could always use a password manager.