There isn't a lot of information available to this story as to how the attack occurred. But that in itself is telling.
The attack against the payment systems highlights that even with PCI DSS controls in place to segment and protect payment networks, companies need to remain vigilant against attacks and have broad monitoring and threat detection capabilities in place that can alert to an attack in a timely manner so that the appropriate response may be taken.
"We want to make our customers and investors aware we recently detected unauthorized activity on a network that supports payment processing for purchases made in our restaurants," chief financial officer Jack Hartung told analysts during an investor presentation. He said that Chipotle (CMG, +2.50%) had implemented additional security measures, actions it believes stopped the unauthorized activity, which the restaurant chain estimates occurred between March 24 through April 18.