Chipotle Mexican Grill announced Friday that most of its locations were affected by a credit card breach in which customer payment information may have been stolen.
An investigation identified malware that was used to access data from payment cards used on point-of-sale devices at certain Chipotle restaurants between March 24 and April 18.
The malware searched for data — which sometimes has cardholder name in addition to card number, expiration date, and internal verification code — from the magnetic stripe of a payment card when it was swiped.
There is no indication that other customer information was affected, and Chipotle has removed the malware at the approximately 2,250 restaurants.
Lists of affected Chipotle locations and time frames are available at www.chipotle.com/security . Not all locations were involved, and the time frames vary by location.
Customers with questions can visit www.chipotle.com/security or call 1-888-738-0534 from 9 a.m. to 9 p.m. weekdays and 9 a.m. to 5 p.m. weekends.