Chipotle

In a sophisticated cyber-attack led by the group Fin7 using the Carbanak malware, Chipotle Mexican Grill suffered a significant data breach affecting numerous U.S. locations. The attackers managed to steal the details of 15 million payment cards by compromising the restaurant chain's payment systems. The method involved carefully planned intrusions leveraging malicious documents to install the Carbanak banking Trojan, which allowed them to manipulate point-of-sale systems and harvest financial data over a period of months. This breach was part of a larger series of attacks attributed to Fin7, which targeted over 120 U.S. companies, resulting in substantial financial and reputational damage. Despite arrests made in connection to the Fin7 group, the impact of the breach on Chipotle and its customers highlights the ongoing vulnerability of retail and food service industries to sophisticated cybercriminal operations.

Source: https://carnegieendowment.org/specialprojects/protectingfinancialstability/timeline

"id": "chi1005050724",
"linkid": "chipotle-mexican-grill",
"type": "Cyber Attack",
"date": "08/2018",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"