Chipotle has been having a rough few years. First, an E. coli outbreak that sickened people across the country and seriously damaged profits. And now, hackers who are stealing credit card information from customers. In search of fast, casual Mexican food, it looks like some people got their information hacked instead.
In April, Chipotle told investors that there had been “unauthorized activity” on a network that supports payment processing for purchases at both Chipotle and Pizzeria Locale (a fast-casual Italian restaurant that partnered with Chipotle years ago). Now the company is saying it’s more serious than that—malware was installed that stole customers’ credit card information. The data breach took place between March 24 and April 18, according to the company, and collected “track data” from some customers.
Track data is the information that gets transferred when a credit card’s magnetic strip is swiped through a payment device. According to Chipotle, the information accessed could have included cardholders’ name, card number, expiration date and verification code.
“There is no indication that other customer information was affected,” the company said in a statement last Friday.
The company says it has since removed the hacking malware and is working with cybersecurity firms to to improve safety measures.
CEO John Hartung told investors in April that Chipotle has “implemented additional security enhancements,” but declined to comment further on what those security measures might be. The company pledged to notify customers affected by the data breach with more specifics about time frames and restaurant locations that were affected, but hasn’t published any more details since their initial announcement.
In the meantime, make sure you keep a close eye on your card statements if you went to Chipotle between the dates mentioned. If you see any unauthorized charges or sketchy activity, make sure to contact your bank right away.
Between outbreaks of illness and hackers, investors might be even warier of the fast-casual chain than ever. And in the meantime, maybe we should all just switch to QDOBA.