Scam of the day – May 28, 2017 – Chipotle data breach update

Today’s scam of the day is an update of the Scam of the day from April 28th, when I first wrote about the data breach at Chipotle Mexican Grill. After a series of food safety problems in 2015, the Chipotle Mexican Grill restaurant chain had recently regained sales, but that could change with the announcement by the company that it had suffered a data breach affecting most of its 2,550 restaurants between March 24th and April 18th. Following an all-too-predictable pattern, the data breach came about as a result of malware that stole credit card and debit card information from Chipotle’s card processors. This is due in great part to the fact that Chipotle has still not updated its credit card processing equipment to handle the more secure chip credit cards as required by industry regulations.

Here is a link to Chipotle’s updated official announcement about the data breach which, if you ate at a Chipotle restaurant during the relevant period, also provides a link to inform you if the particular restaurant you went to is affected by the data breach.


As a consumer, the best thing you can do is to use your EMV chip card whenever possible. Unfortunately, Chipotle is just one of many retail establishments that still have not updated their credit card and debit card processing equipment to use EMV chip cards. For further personal protection, don’t use your debit card for retail purchases, because the protection from liability that you get regarding fraudulent use of a debit card is not as strong as the liability protection you get when using a credit card. In addition, even if you report fraudulent use of your debit card immediately to your bank, the bank account to which the card is tied will be frozen and inaccessible to you while the bank investigates the matter.

If you were a customer of Chipotle’s during the affected period, it is a good idea to carefully monitor the charges on your credit card for indications of fraudulent use.

Scam of the day – August 28, 2016 – Russian hacker convicted of massive credit card theft

Two years ago, I first told you about the arrest of Russian hacker Roman Seleznev, who this week was convicted of hacking into small businesses across the United States, including many pizza parlors, stealing credit card information and selling it on the Dark Web to other cybercriminals. He even had a website in which he instructed would-be cybercriminals about how to use the stolen credit cards. Seleznev has been incarcerated while awaiting trial for two years and faces a sentence of up to forty years in prison.


What does this conviction mean to you and me? It is more of a reminder of how large the problem is. Hacking into retailers at point-of-sale terminals in stores has become a relatively easy task to accomplish, and it does not even have to be done at the store. It can be done totally over the Internet by hackers anywhere in the world. Although the EMV smart card chip technology mandated for retailers and credit card companies in October of 2015 prevents attacks such as those of Seleznev from being effective, many retailers have still chosen not to comply with the regulations, which are trade group regulations and not a government mandate. Therefore, the most prudent thing for you to do when shopping at a company that does not use your EMV chip card is, first, to refrain from using your debit card for retail purchases so that your bank account is not at risk in a hacking attack. It is important to remember that the rules protecting you from liability for fraudulent use of a debit card are not as strong as those that protect you from liability for fraudulent use of your credit card. You also should monitor your credit card’s use regularly to discover any fraudulent use as early as possible.

This story is also a good example that the risk of data breaches is a risk to small businesses as well as large businesses. Often small businesses are targeted by hackers as the low-hanging fruit because they have not taken proper security steps.

Scam of the day – February 9, 2014 – How the Target Hackers did it and what it means to you

It is being reported that forensic computer investigators have discovered how the Target hackers managed to infiltrate the Target point-of-sale computer devices and systems, enabling them to steal credit and debit card information of more than a hundred million people. Apparently the hackers first managed to hack into a less secure HVAC (heating and air conditioning) company, Fazio Mechanical Services, Inc., that worked for Target and steal that company’s access to the Target computer systems. You might ask why an HVAC company would need computer access to Target. The reason is that through Target’s computers, the HVAC company could monitor and control the heating and air conditioning systems in individual Target stores. However, Fazio presently denies that it does such remote monitoring. A company spokesman did say, however, that it did submit bills and contract proposals electronically to Target, and it is possible that it was those documents that were corrupted by the hackers to gain access to Target’s computer system. Unfortunately, the security used by smaller companies, such as the HVAC company here, leaves much to be desired, and it is their lax security that appears to have been exploited by the hackers, who were able to use that vulnerability to get access to the internal network of Target’s computers.


Greater attention needs to be given by companies such as Target to providing greater security to important parts of their computer networks, such as their point-of-sale devices, recognizing the real possibility of a backdoor hacking of their computers by criminals, such as those who hacked into Target. With third-party companies, such as HVAC companies, routinely having access to the computer networks of large chain stores, such as Target, their financial transactions must be secured better. We can expect to see many more of these point-of-sale hackings in the days and weeks ahead, which means that many of you will end up having your card information stolen.

So what should you do?

You may wish to switch to cash, but for many of us that is not a viable choice. Do not use your debit card for any retail purchases. Limit its use to ATMs. The consumer protection laws for fraudulent use of a debit card are much less protective than the laws pertaining to fraudulent use of a credit card. Monitor the use of your credit card regularly and be on the lookout for any fraudulent use. Finally, some credit card issuers are issuing the new chip cards, which are safer than the old magnetic strip cards, if you specifically request one. You may wish to do so.