News

Actions

Chipotle advises customers that their credit card information may have been stolen in breach

Customers who visited in March and April at risk
Posted
and last updated

Chipotle Mexican Grill announced Friday that it had identified and removed malware installed by hackers that lifted customer credit card data earlier this year.

Reports indicate that “most” Chipotle locations were affected by the hack, and restaurants were most vulnerable to the attack between March 24 and April 18.

Chipotle previously reported news of the hack on April 25 during a business meeting. On Friday, the restaurant said the malware had hacked point-of-sale devices at its stores, and that customers’ name, card number, expiration date, and internal verification code could have been lifted by hackers.

Those who visited the restaurant between March 24 and April 18 can visit Chipotle’s website to see if the store they visited was affected by the hack. According to the restaurant’s website, Chipotle is also advising customers to report any unauthorized charges to their card card issuers.

"There is no indication that other customer information was affected," Chipotle said on its website.

Customers can also call 888-738-0534 Monday through Friday between the hours of 9:00 a.m. and 9:00 p.m. EDT with any questions regarding the incident. 

Alex Hider is a writer for the E.W. Scripps National Desk. Follow him on Twitter @alexhider.