NEW YORK (CNNMoney) – Gainesville police are asking for the public's help to identify a man they believe could be connected to a data breach that hit Chipotle restaurants in March.
The cybersecurity attack, which affected locations in Gainesville and elsewhere, allowed hackers to steal credit card information from customers.
Recommended Videos
Gainesville police said some of that cloned credit card information and PIN numbers were used by the man they're trying to identify to pull more than $17,000 from ATMs. More than 40 victims were affected, police said.
Police said surveillance video shows the man spending several minutes at an ATM, making multiple withdrawals. They said a vehicle could not be tied to him based on the surveillance footage.
Gainesville police said the transactions took place June 30 through July 1 between 5:30 p.m. and 11:30 p.m. at the Campus USA Credit Union on SW Fifth Avenue.
"If he's not the original hacker, he may have bought that information as well, and just had it localized to his region so he doesn't set off the anti-theft safe guards the credit cards have in place," said Chris Hamer, News4Jax technology expert. "Either way, he benefited from the hack. If he's directly involved, it remains to be seen."
Hamer also offered some steps that people can take when using their credit or debit cards.
"Safeguard your PIN code if you're going to use your debit card," Hamer said. "Check your statement regularly. Get chip cards instead of strip cards because those are more secure. And be responsible with your money."
Anyone who can identify the man or knows his location is asked to call Detective Derek Tirado at 352-393-7616 or submit information anonymously by calling CrimeStoppers at 352-372-STOP or by texting keyword GPDFL plus a tip to 274637.
Data breach reported
Chipotle first acknowledged the data breach on April 25. But a blog post later revealed the kind of malware used in the attack and the restaurants that were affected.
The list of attacked locations was extensive and includes many major U.S. cities. When CNNMoney asked the company about the scale of the attack, spokesman Chris Arnold said that "most, but not all restaurants may have been involved."
Chipotle said in its blog post that it worked with law enforcement officials and cybersecurity firms on an investigation.
The breaches happened between March 24 and April 18. The malware worked by infecting cash registers and capturing information stored on the magnetic strip on credit cards, called "track data." Chipotle said track data sometimes includes the cardholder's name, card number, expiration date and internal verification code.
The company said there is "no indication" that other personal information was stolen.
"During the investigation we removed the malware, and we continue to work with cyber security firms to evaluate ways to enhance our security measures," the blog post reads.
A list of the restaurants and times they were affected can be found on Chipotle's website.
The company recommended that customers scan their credit card statements for potentially fraudulent purchases. It also said victims should contact the Federal Trade Commission, the attorney general in their home states or their local police department.