Chipotle has made every effort to recover from a tough year — including a drop in sales and several high-profile food safety incidents — with new and improved tortillas, a comedic ad campaign, and a commitment to cutting added colors, flavors, and preservatives to its menu items, but the company has come across a snag in its plan to move forward: a potential credit card breach.
On Tuesday, the company made an announcement on its site warning customers of a “data security incident.” According to Chipotle, unauthorized payment activity was spotted for purchases made in its restaurants.
“We immediately began an investigation with the help of leading cyber security firms, law enforcement, and our payment processor. We believe actions we have taken have stopped the unauthorized activity, and we have implemented additional security enhancements,” the company said in the statement.
“Our investigation is focused on card transactions in our restaurants that occurred from March 24, 2017 through April 18, 2017. Because our investigation is continuing, complete findings are not available and it is too early to provide further details on the investigation. We anticipate providing notification to any affected customers as we get further clarity about the specific timeframes and restaurant locations that may have been affected.
“Consistent with good practices, consumers should closely monitor their payment card statements. If anyone sees an unauthorized charge, they should immediately notify the bank that issued the card. Payment card network rules generally state that cardholders are not responsible for such charges.”
Despite the security breach, Chipotle also unveiled details about its new dessert item this week. According to Business Insider, the new buñuelos are made of fried tortillas topped with honey, sugar, and cinnamon. The dessert will also come with an apple caramel dipping sauce.