Hackers using malware viruses have stolen thousands of customers’ information of the course of three weeks from the majority of Chipotle Mexican Grill Inc.’s restaurants. Chipotle says that roughly 2,250 restaurants were hacked into between March and April of this year.
The stolen data includes account numbers and internal verification codes. This information could be used to create false accounts, fraudulent credit cards, or buy certain items online. It is recommended that if you used your card at Chipotle you be extra wary of any unusual activity on your bank account.
The breach once again threatens Chipotle’s business, as this isn’t the restaurant chain’s first scandal.
Hackers used malware to steal customer payment data from most of Chipotle Mexican Grill Inc’s (CMG.N) restaurants over a span of three weeks, the company said on Friday, adding to woes at the chain whose sales had just started recovering from a string of food safety lapses in 2015.
Chipotle said it did not know how many payment cards or customers were affected by the breach that struck most of its roughly 2,250 restaurants for varying amounts of time between March 24 and April 18, spokesman Chris Arnold said via email.
A handful of Canadian restaurants were also hit in the breach, which the company first disclosed on April 25.
Stolen data included account numbers and internal verification codes. The malware has since been removed.
The information could be used to drain debit card-linked bank accounts, make “clone” credit cards, or to buy items on certain less-secure online sites, said Paul Stephens, director of policy and advocacy at the non-profit Privacy Rights Clearinghouse.
The breach could once again threatens sales at its restaurants, which only recently recovered after falling sharply in late 2015 after Chipotle was linked to outbreaks of E. coli, salmonella and norovirus that sickened hundreds of people.