[BreachExchange] Chipotle data breach leads to illegal ATM withdrawal

Audrey McNeil audrey at riskbasedsecurity.com
Fri Jul 21 14:28:06 EDT 2017


https://www.scmagazine.com/chipotle-data-breach-leads-to-
illegal-atm-withdrawal/article/676626/

In another case of a cybercrime pushing its way into the physical world,
the Gainsville, Fla. police department are searching for a man spotted
allegedly stealing $17,000 from an ATM by using login credentials taken
during the Chipotle data breach earlier this year.

Gainsville police said they are searching for a man whose image was
captured on June 30 at the Campus USA Credit Union in Gainsville where he
allegedly used the login credentials from more than 40 people whose data
was taken during the Chipotle Data breach in May. The data was used to
clone fake credit cards which were then used with the PINs to withdraw the
money from the ATM.

The police believe the suspect may have bought the login information on the
Dark Web, although they doubt the person captured by the ATM camera was
involved in the hack, according to the Ocala Star Banner.

“I would seriously doubt that someone with the knowledge of a malware
attack such as Chipotle's would be silly enough to get his face on an ATM
camera,” Gainsville spokesman Officer Ben Tobias added in an email response
to questions about the case.

Five Chipotle restaurants hit by the POS breach are located in the
Gainsville region.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20170721/0b18157b/attachment.html>


More information about the BreachExchange mailing list