Chipotle Reports Data Breach Findings

The company removed the malware and continues to work with cyber security firms to enhance its security measures.

May 30, 2017

DENVER – Chipotle Mexican Grill followed up last week on a data breach it previously reported in late April. The investigation identified the operation of malware designed to access payment card data from cards used with POS devices at certain Chipotle and Pizzeria Locale restaurants between March 24 and April 18, 2017.

The malware searched for track data (which sometimes has cardholder name in addition to card number, expiration date and internal verification code) read from the magnetic stripe of a payment card as it was being routed through the POS device. Chipotle said that there is no indication that other customer information was affected, that not all locations were involved, and the specific time frames vary by location.

During the investigation, Chipotle removed the malware and continues to work with cyber security firms to evaluate ways to enhance its security measures. In addition, Chipotle continues to support law enforcement’s investigation and is working with the payment card networks so that the banks that issue payment cards can be made aware and initiate heightened monitoring.

In related data breach news, Target has agreed to pay $18.5 million to settle claims by 47 states and the District of Columbia and resolve a multi-state investigation into the retailer's massive data breach in late 2013, reports CNBC. Hackers stole data from up to 40 million credit and debit cards of shoppers who had visited its stores during the 2013 holiday season.

Advertisement
Advertisement
Advertisement