Chipotle Mexican Grill said that whoever hacked into payments system used malware that searched for consumer track data read from the magnetic stripes of cards. That data can give criminals access to card numbers and expiration dates.
“There is no indication that other customer information was affected,” the chain said. Hackers can read track data when a payment card is being routed through a point-of-sale system, the chain said.
Chipotle said the breaches took place between March 24 and April 18 in almost all U.S. states. The chain did not say how many customers might have been affected but it has encouraged customers to watch their financial statements for signs of criminal activity. Chipotle also said it will notify affected customers.
Chipotle could be facing significant costs depending on the cause of the digital intrusion and its scope. For instance, a data breach has proved costly for Target, which has settled various lawsuits for a total of $68.3 million.
- Chipotle Investigates Breach
- Target to Pay $18.5 Million to States in Data Breach Settlement
- Kimpton Hotels Latest Chain Hit by Malware