How safe is your card?
Data breach hit Chipotle restaurants in Arizona
Chipotle restaurants across Arizona were struck in the chain’s recent data breach, the company reported.
For almost a month earlier this year, malware was picking up data from cards used on point-of-sale payment devices at Chipotle restaurants.
The stolen information included customer card number, expiration date, and internal verification code and, potentially, the cardholder name, the company said.
Chipotle asked customers who had paid by card at the restaurants between March 24 and April 18 to check their statements and report any unauthorized activity to their card issuer.
“Payment card rules generally provide that cardholders are not responsible for unauthorized charges reported in a timely manner,” the statement said.
A list of affected restaurants was posted on Chipotle’s website.
It appeared that Arizona, California, Florida, Illinois and Texas had the most restaurants affected. Not all locations were involved, and the specific time frames vary by location.
The company provided information on the scope of the cyberattack in a statement Friday, made after cybersecurity firms, law enforcement and the payment card completed an investigation.
It’s been a rough couple of years for Chipotle. The company appeared to be
digging out of a hole created by a host of food-safety issues in 2015 that sickened people across the country.
In multiple incidents, customers fell ill, stores were shut down and Chipotle sales plunged.
The trouble began for the Denverbased Mexican chain in August 2015 when Minnesota customers were infected with salmonella and nearly 100 more in Southern California came down with norovirus after eating at Chipotle.
Through late 2015, cases of norovirus and E.coli were reported by Chipotle customers. Customers sued.