Hackers stole credit card information from customers at Chipotle restaurants across the U.S. between March 24 and April 18, the company announced today. Chipotle announced in April that it had been the victim of an attack and today provided details about the type of information stolen from customers, including “the cardholder’s name, as well as card number, expiration date and internal verification code.” No other information was compromised, Chipotle said.
The attack siphoned data from the magnetic strips of credit cards used at Chipotle locations in the U.S. The company has not disclosed how many customers were affected, but offers a searchable list of the actual locations affected, including the dates each restaurant was vulnerable. Some restaurants were compromised for about a week, others for a full four weeks. If you paid at Chipotle with a credit card in March or April, here’s the list of affected restaurants.
“Due to the nature of the incident and the type of data involved, we do not know how many individual payment cards may be affected,” Chipotle spokesman Chris Arnold told Engadget.
As Reuters Chipotle does not offer credit monitoring services to compromised customers. The company said monitoring services do not notify customers when a fraudulent charge is made in their name.
“Chipotle takes this type of issue very seriously and we regret any inconvenience or concern it may have caused,” Arnold told Engadget. “To prevent a similar incident from happening again, we have resolved the issue and continue to work with cybersecurity firms to explore ways to improve our security measures.”
