It seems that every week there is a new cybersecurity breach. Chipotle Mexican Grill has recently came forward stating that they have been a victim of a massive malware attack, which has resulted in customer payment information being stolen.


Chipotle Hack – The Facts

After working diligently the past two years to repair their reputation after an E.coli outbreak from its restaurants back in 2015, Chipotle came forward on Friday, May 27th stating that there is information regarding a massive data breach occurring over the course of March 24th and April 18th, at most of its locations. The information indicates that hackers used malware in order to steal the payment information of customers from most of the chain’s 2,249 restaurants. The hackers were able to get the customer names, card numbers, expiration dates and verification codes. While unsure exactly how many cards have been affected, Chipotle has assured the public that the malware that caused the security breach has been removed.

Chipotle is currently working with a cybersecurity firm in order to enhance their current security measures and suggests that anyone who has dined at one of their locations during that time period should check their bank statement frequently in order to quickly catch fraudulent activity.

To read more on the malware attack, click here.


What is Malware?

Malware is a pesky type of software that is used to secretly access a device without the user’s knowledge. Another name for malware is spyware, which does exactly what it sounds like: steals personal information (such as credit card information). Malware is created by professional cybercriminals and can quickly rack up credit card bills in your name.

Here are a few malware statistics:

  • Businesses with less than 250 users are the most-targeted when it comes to malware attacks, although anyone is at risk for an attack.
  • Human error is responsible for the majority of all cybersecurity breaches
  • It only takes 9 minutes for cybercriminals to access stolen information that is posted to hacker sites.
  • 78% of people claim to be aware of the risks of clicking on unknown links in emails, but click anyway.
  • 75% of healthcare industry has been infected with malware over the last year

With this information, what is your business doing to take protective cybersecurity measures throughout the rest of 2017 and the next coming year?

52% of businesses that were victim to a successful cyber-attack in 2016 have not made any changes to their cybersecurity in 2017.


How Malware Spreads

Here are a few ways that malware can sneak its way onto your device:

  • Downloading software (free or legitimate) that may be secretly infested with malware
  • Clicking on links or pop-up windows that cause malware to begin downloading
  • Opening an email attachment that contains malware
  • Visiting a website that is contaminated with malware


Preventing Malware Attacks

No business is 110% safe from a cyber-attack, but since the majority of cybersecurity attacks are caused by human error, there are a few ways that you can do your part in helping to mitigate the risk of an attack.

Here’s how you can prevent a cybersecurity breach at home or at work:

  • Do not save your passwords in web browsers, no matter how convenient it is.
  • Secure your network by making sure that it is password protected.
  • Avoid spam, whether it be email, pop-up windows or social media ads. Yes, this means you do not need to take the quiz to find out what kind of bird you are on Facebook. Often times, while it may look legitimate, this is a frequently used tactic of cybercriminals used to gain personal information.
  • Keep your programs updated. These updates are used to prevent bugs within the program that can cause viruses. It’s time consuming, but necessary.
  • Create passwords that are creative and difficult to guess. Password123 just is not going to cut it anymore.
  • Train employees on cybersecurity prevention


Don’t find yourself included in the 52% of companies that aren’t taking any action with security changes after a cybersecurity attack. By investing in a company like Preparis, you are able to gain access to all the resources you need to train employees on how to respond and recover in the event of a business disruption, whether that be a natural disaster, workplace violence or cybersecurity attack.

To read more on the services that Preparis offers, click here.