Another day, another data breach!
Chipotle Mexican Grill has now revealed full details of a spring data breach following several weeks of investigation.
These Chipotle restaurant locations were hit in POS breach
From March 24 to April 18, criminals used malware at select Chipotle locations to capture info from debit and credit cards used in point-of-sale transactions (POS) inside the stores.
The malware was designed to target track data on cards, so info such as cardholder name, card number, expiration date and internal verification code was left vulnerable to crooks.
No other info is believed to have been compromised in this breach.
It’s important to note that not all Chipotle locations were involved in this breach. Find out if the location you frequent was hit by searching this company-provided database.
Also impacted in the breach were customers of seven specific Pizzeria Locale restaurants, which is an affiliated company of Chipotle.
Keep these things in mind after any data breach
Watch your statements carefully
Go through your credit card and debit card statements with a fine tooth comb. Identify any bogus charges the crooks may have pushed through and dispute them immediately with your bank or credit card company.
Remember the basic rules of online safety
Do not click on any link in any email you receive purporting to be from the company that was breached. Do not dial any number listed as an “official” phone number in any email. It’s easy for criminals to create fake websites and fake phone numbers.
If you believe the company is trying to get in touch with you, you must log out from your email and go directly to the company website on your own to find the true contact info. Do not sign in on any communication that comes to you where it says “click here to sign in.”
Set up a separate account if you must use a debit card
The reality is customers who use debit cards are hit hardest by any breach. If you wish to continue using debit in the future, be sure you tie it into a separate account that’s only used for debit transactions.
That way, only the money you transfer to your separate account is at risk in a breach — not the money you need to pay your mortgage or a car note. Or to put food on the table!
Consider ditching debit altogether
To understand just how bad debit cards are, you first have to look at the consumer protections afforded to credit cards.
Normally you have a $0 liability in a case where crooks potentially have your credit card number but not the physical card. In the absolute worst-case scenario, your maximum liability would be $50…and some credit issuers will waive even that.
But if you used a debit card, it’s a whole different story!
Debit cards are dangerous to your wallet. They don’t have the normal protections under federal law offered by a credit card. With a breached debit card, you have only two business days after you notice that the money is gone from your account to speak up…or else your liability rises to $500.
And under some circumstances, your liability with a debit card can be unlimited!
Do a credit freeze
The standard corporate position after a data breach is to offer free credit monitoring for a year.
But credit monitoring only puts fraud alerts on your credit files with the three main credit bureaus. These alerts are meant to raise a flag to potential creditors, letting them know they should carefully verify an applicant’s identity before extending credit. Yet all too often these alerts are ignored.
There’s a better alternative and it’s called a credit freeze. You’ll pay zero to $10 per bureau to do a credit freeze, depending on your state, and it will shut a criminal down cold when they try to apply for new lines of credit in your name.
Read our credit freeze guide here; it will walk you through the easy process of putting a freeze in place on your files.