An investigation identified malware that was used to access data from payment cards used on point-of-sale devices at certain Chipotle restaurants between March 24 and April 18.
The malware searched for data — which sometimes has cardholder name in addition to card number, expiration date, and internal verification code — from the magnetic stripe of a payment card when it was swiped.
There is no indication that other customer information was affected, and Chipotle has removed the malware at the approximately 2,250 restaurants.
Lists of affected Chipotle locations and time frames are available at www.chipotle.com/security. Not all locations were involved, and the time frames vary by location.
Customers with questions can visit www.chipotle.com/security or call 1-888-738-0534 from 9 a.m. to 9 p.m. weekdays and 9 a.m. to 5 p.m. weekends.
Click here to follow Daily Voice Lewisboro and receive free news updates.