Estimated reading time: 0 minutes, 43 seconds

Chipotle HR Emails Generated from Unregistered Domain

Mexican fast food restaurant Chipotle’s human resource department was using an unregistered domain to send emails to job applicants, creating a digital security risk. So reports Naked Security.

The domain, chipotlehr.com, was subsequently purchased by unemployed IT worker Michael Kohlman for $30, who in turn tipped off security blogger Brian Krebs to the situation. Kohlman said once he bought the domain he began receiving all emails sent to the domain.

“If he’d wanted to, Kohlman could have stolen personal information from those job applicants such as their names, email addresses, phone numbers, and so on,” according to the article. Kohlman offered to give Chipotle the domain for free, but the company refused. Chipotle told Krebs in an email there was no security risk because the domain was never functional and described the matter as a “non-issue.”  

Read the full article from Naked Security

Read 5515 times
Rate this item
(0 votes)

Visit other PMG Sites:

PMG360 is committed to protecting the privacy of the personal data we collect from our subscribers/agents/customers/exhibitors and sponsors. On May 25th, the European's GDPR policy will be enforced. Nothing is changing about your current settings or how your information is processed, however, we have made a few changes. We have updated our Privacy Policy and Cookie Policy to make it easier for you to understand what information we collect, how and why we collect it.