Chipotle Mexican Grill whose sales have only recently improved following food safety issues in 2016 just took another hit with its announcement that it had suffered a data breach affecting the credit card processing systems at its restaurants. The data breach was just discovered and according to Chipotle occurred between March 24th and April 18th 2017. Here is a link to Chiptole’s public statement on the matter.
Because Chipotle has not yet determined the extent of the data breach or the identity of all affected restaurants, if you were a Chipotle customer during the period of the data breach, you should carefully check your credit card statements. As more information about this data breach becomes available, I will inform you of it.
The primary reason for the continuing problem of credit card data breaches at restaurants, hotels and retail establishments is that many of these companies are still using credit card and debit card processors for cards with magnetic strips rather than the safer smart EMV chip cards. Regulations effective October 1, 2015 mandated credit card issuers and retailers switch over to the new smart EMV chip cards or risk increased legal liability, but unfortunately, many companies have been slow to switch to the new card processing equipment. If smart EMV chip cards had been used at Chipotle, the card information that was stolen would have been worthless, but since they still used the old fashioned magnetic strip cards, Chipotle and its customers face financial problems from this data breach.
Until credit card issuing companies and brick and mortar stores and businesses that take credit cards switch to the new smart EMV chip cards, this story will, as I predicted more than a year ago, continue to occur again and again. As for us, as consumers, the best thing we can do is to refrain from using our debit cards for anything other than an ATM card because consumers whose debit card security has been breached are not protected as much as when a credit card is used for fraudulent purchases. In addition, if you do not already have a new smart EMV chip card, you should demand one from your credit card company. You also should regularly monitor your credit card statements for indications of fraudulent use.