Chipotle Mexican Grill

Chipotle Mexican Grill, along with several other familiar chains such as Chili’s, Arby’s, and Jason’s Deli, fell victim to the cybercriminal group FIN7. This notorious group managed to breach the computer networks across 47 states and the District of Columbia in the United States, compromising over 15 million customer card records from more than 6,500 point-of-sale terminals at over 3,600 business locations. The scope of FIN7's activities was not confined to the US alone; their intrusions extended globally, impacting businesses in the United Kingdom, Australia, and France as well. Among the businesses affected, Chipotle Mexican Grill stands out due to its significant brand presence and the vast scale of customer data compromised, marking a significant reputation and financial impact.

Source: https://www.fbi.gov/contact-us/field-offices/seattle/news/stories/how-cyber-crime-group-fin7-attacked-and-stole-data-from-hundreds-of-us-companies

TPRM report: https://scoringcyber.rankiteo.com/company/chipotle-mexican-grill

"id": "chi011050724",
"linkid": "chipotle-mexican-grill",
"type": "Breach",
"date": "04/2023",
"severity": "100",
"impact": "6",
"explanation": "Attack threatening the economy of geographical region"

{'affected_entities': [{'customers_affected': 'Over 15 million customer card '
                                              'records',
                        'industry': 'Food and Beverage',
                        'location': ['United States',
                                     'United Kingdom',
                                     'Australia',
                                     'France'],
                        'name': 'Chipotle Mexican Grill',
                        'type': 'Restaurant Chain'},
                       {'industry': 'Food and Beverage',
                        'name': 'Chili’s',
                        'type': 'Restaurant Chain'},
                       {'industry': 'Food and Beverage',
                        'name': 'Arby’s',
                        'type': 'Restaurant Chain'},
                       {'industry': 'Food and Beverage',
                        'name': 'Jason’s Deli',
                        'type': 'Restaurant Chain'}],
 'attack_vector': 'Point-of-Sale Terminals',
 'data_breach': {'number_of_records_exposed': 'Over 15 million',
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': 'Customer Card Records'},
 'description': 'Chipotle Mexican Grill, along with several other familiar '
                'chains such as Chili’s, Arby’s, and Jason’s Deli, fell victim '
                'to the cybercriminal group FIN7. This notorious group managed '
                'to breach the computer networks across 47 states and the '
                'District of Columbia in the United States, compromising over '
                '15 million customer card records from more than 6,500 '
                'point-of-sale terminals at over 3,600 business locations. The '
                "scope of FIN7's activities was not confined to the US alone; "
                'their intrusions extended globally, impacting businesses in '
                'the United Kingdom, Australia, and France as well. Among the '
                'businesses affected, Chipotle Mexican Grill stands out due to '
                'its significant brand presence and the vast scale of customer '
                'data compromised, marking a significant reputation and '
                'financial impact.',
 'impact': {'brand_reputation_impact': 'Significant',
            'data_compromised': 'Customer Card Records',
            'payment_information_risk': 'High',
            'systems_affected': 'Point-of-Sale Terminals'},
 'references': [{'source': 'Cyber Incident Description'}],
 'threat_actor': 'FIN7',
 'title': 'Chipotle Mexican Grill Data Breach by FIN7',
 'type': 'Data Breach'}