Chipotle says customer credit card data stolen from most stores

People who ate at Chipotle Mexican Grill restaurants should keep an eye on their credit and debit card statements. Hackers stole customer credit card numbers between March and April from Chipotle locations around the country, the company has announced.

Chipotle said the company found malicious software stealing credit card data from it’s point-of-sale system between March 24 and April 18. Company spokesman Chris Arnold told USA Today that the data breach affected most of Chipotle’s 2,249 restaurants.

Chipotle initially reported the hack on April 25, but the company released more information Friday on just how bad the breach was.

“The malware searched for track data (which sometimes has cardholder name in addition to card number, expiration date, and internal verification code) read from the magnetic stripe of a payment card as it was being routed through the POS device,” the company said in a press release. The time frame for when hackers were able to steal credit card numbers differs by store

Chipotle said the company was able to remove the malware and “continues to work with cyber security firms to evaluate ways to enhance its security measures.”

"Because of the nature of the incident and the data involved, we lack sufficient information to determine how many unique payment cards may have been involved," Arnold told USA Today.

The company also released a tool on its website to see which stores were affected on what dates.

This story was originally published May 27, 2017 at 11:20 AM with the headline "Chipotle says customer credit card data stolen from most stores."