Chipotle has confirmed that a threat agent (hacker) installed malware, which targeted the company’s point-of-sale systems between March 24th and April 18, 2017. The malware was able to obtain the credit card number, name on the card, expiration date, and internal verification code. The attack pulled the information off the magnetic strip of credit cards used physically in both Chipotle  and Pizzeria Locale restaurants, which is also owned by the parent company of Chipotle .

The breach affected most of the company’s locations across the continental United States, but the full scope of the breach has yet to be determined. A Chipotle  spokesperson told Engadget that, “Because of the nature of the incident and the type of data involved, we do not know how many unique payment cards may have been involved.” The company has launched a web page to assist customers that used their credit cards in the restaurants between the affected dates. Chipotle has stated that an outside security firm, which it hired to assist in combating the threat, has removed all traces of the malware from the point-of-sale systems.

As with all breaches that effect personally identifiable information (PII), we suggest that you closely monitor your bank account and/or credit card statements to look for fraudulent charges and alert your institution promptly if any are found. The information provided by Chipotle  from their web page is useful, but currently the company is still trying to determine the full extent of the breach.


Current List of Affected Restaurants:

Posted by Shawn Thornton

My name is Shawn and my professional background is in Project Management and Information Technology. I received my Bachelor of Science in Management and Marketing from the Merrick School of Business at the University of Baltimore. I am currently attending school to prepare me for a Master’s program in Cyber Security. I enjoy anything tech.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s