Chipotle Hacked: California, Florida, Illinois, And Texas Restaurants Are Most Affected By Security Breach

Ashley Hoffman

Chipotle Mexican Grill, the popular tex-mex food chain, has confirmed a cybersecurity attack that hit most of its restaurants and allowed hackers to steal credit card information from customers. Hackers installed malware that read a credit card's magnetic stripe as customers or staff swiped the card to pay for a meal. In general, Chipotle said it did not know how many payment cards or customers were affected by the cyber attack. However, the security breach struck most of its 2,250 restaurants.

The company first acknowledged the massive breach on April 25, 2017. The kind of malware used in the hacking was revealed in a blog post on Friday. The post reported the "finding from the investigation of the payment card security incident."

CNNMoney asked the popular burrito chain on Sunday about the scale of the attack, spokesman Chris Arnold said that "most, but not all restaurants may have been involved."

Chipotle restaurants across the U.S. were struck in the chain's recent data breach, the company reported. The malware was picking up data from cards used on point-of-sale payment devices at Chipotle restaurants for almost a month earlier this year.

The stolen information included customer card number, expiration date, and internal verification code and, potentially, the cardholder name, the company said.

It appeared that Arizona, California, Florida, Illinois, and Texas had the most restaurants affected. Not all locations were involved, and the specific time frames vary by location. A list of affected restaurants was posted on Chipotle's website. To see if you may have been a victim, check Chipotle's security blog here.

Chipotle asked customers who had paid by card at the restaurants between March 24, 2017, and April 18, 2017, to check their statements and report any unauthorized activity to their card issuer.

"Payment card rules generally provide that cardholders are not responsible for unauthorized charges reported in a timely manner."

In multiple incidents, customers fell ill, stores were shut down, and Chipotle sales plunged. In August, 2015, issues began with the Denver-based Chipotle Mexican Grill chain when Minnesota customers were infected with salmonella and nearly 100 more in Southern California came down with norovirus after eating at Chipotle.

In 2015, cases of norovirus and E.coli were reported by Chipotle customers -- who later sued the company. In an attempt to make a fresh start, Chipotle closed its nearly 19,000 stores on February 8, 2016, for a nationwide staff meeting to address the controversial food-safety issues.

Chipotle warned customers to closely monitor their card statements and notify their bank if they see any unauthorized charges.

[Featured Image by Andrew Renneisen/Getty Images]