GAINESVILLE, Fla.–Police here are seeking the identity of a man who was able to steal money from consumer and CU member accounts using information from the data breach at Chipotle Mexican Grill restaurants earlier this year.
According to police, the man, whose image was captured by ATM cameras, used cloned credit cards and customer/member PINs to repeatedly withdraw cash from an ATM that totaled more than $17,000. More than 40 accounts were affected.
Among the ATMs used was one owned by Campus USA Credit Union in Gainesville, Fla.
The Gainesville Police Department said they are unsure how the suspect may have gotten the credit card information. Police theorized he may have purchased it on the dark web; that people involved in the actual nationwide hack of Chipotle restaurants may have reached out to others to make withdrawals on their behalf, and that using an ATM in the city where the account is based is less likely to trigger a fraud alert.
“I would seriously doubt that someone with the knowledge of a malware attack such as Chipotle’s would be silly enough to get his face on an ATM camera,” a police spokesperson told the Gainesville Sun.