Chipotle is releasing more information about the credit card security incident they initially reported on April 25, including details about which locations were hit.
In a lengthy release, the company says an investigation revealed malware designed to access payment data on credit cards was used at most of its 2,249 restaurants across the country between March 24 and April 18 of this year.
One hundred eighty-eight Chipotles were hit by the security breach in Texas, including six Central Texas locations. Copperas Cove, Harker Heights, Killeen and two Waco locations were affected by the breach.
Customers can search their local Chipotle using the tool provided on the company's website, which also lists the specific time frame when the malware was used. It notes that "not all locations were identified" in the investigation and that "specific time frames vary by location."
The company lists a number of steps customers can take to ensure they are protected.
Chipotle said the malware that breached its system has been removed.
"Because of the nature of the incident and the data involved, we lack sufficient information to determine how many unique payment cards may have been involved," said company spokesperson Chris Arnold.
Information taken through the malware included card numbers, expiration dates, internal verification codes, as well as the cardholder's name.
City | Address | Dates |
Copperas Cove | 3018 E. US Highway 190, Ste 300, 76522 | 3/27/2017-4/18/2017 |
Harker Heights | 2021 E. Central Texas Expressway, Suite 1400, 76548 | 3/24/2017-4/18/2017 |
Killeen | Clear Creek Shopping center, Building 4250, Unit 105, 76544 | 3/27/2017-4/18/2017 |
Temple | 3550 South General Bruce Dr. Bldg D, Suite 126, 76504 | 3/25/2017-4/18/2017 |
Waco | 721 S 4th Street | 4/3/2017-4/18/2017 |
1115 North Valley Mills Dr, 76710 | 3/25/2017-4/18/2017 |