Investigation’s results have shown that a malware installed at the vast majority of its more than 2,000 restaurant locations enabled hackers to steal customers payment card data. The restaurant chain says the point-of-sale malware attack ran from up to March 24 to April 18 and tracked info such as cardholder name in addition to card number, expiration date, and internal verification code, with no indication that other customer information was affected. The company says the breach reached restaurants in 47 states as well as the District of Columbia.
The breach also affected another chain the company operates, called Pizzeria Locale, according to BankInfoSecurity. Malware installed on POS terminals in seven of those restaurants - in Colorado, Kansas, Missouri and Ohio - was intercepting customers card numbers from March 27 to April 18, Chipotle says in a separate Pizzeria Locale security alert.
The company has posted an online identification tool into which consumers can enter a state, and then a city or town, to see if the location was known to have been breached. Nevertheless, consumers are warned that not every breached location may be listed.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now