In April, we reported that a security breach at Chipotle had exposed customer credit card information to digital hackers. However, an investigation has turned up more information on the April 25 incident, and it’s worse than we thought. A sizable portion of Chipotle stores have been affected by the security breach, including locations in dozens of major cities across 48 out of 50 states. California, Arizona, Florida, Illinois, and Texas were the states most egregiously hit by the data breach.
If you visited a Chipotle between March 24 and April 18, 2017, Chipotle is advising you to check whether your location was affected here and then to contact your bank or credit card company if there has been any suspicious activity on your account. The malware stole tracking data from Chipotle’s security system which can include cardholder names and card numbers, expiration dates, and internal verification codes. Seven locations of Pizzeria Locale — the Chipotle-owned fast-casual pizza chain — have also been affected.
“During the investigation we removed the malware, and we continue to work with cyber security firms to evaluate ways to enhance our security measures,” Chipotle said in a statement. “In addition, we continue to support law enforcement’s investigation and are working with the payment card networks so that the banks that issue payment cards can be made aware and initiate heightened monitoring.”
Chipotle has seen some rough days since a catastrophic foodborne illness spread in 2015. Since then, the chain has been scrambling to repair its image — here are 12 ways they’ve been trying to win back our trust. This security breach likely won’t help.