Chipotle Confirms Payment System Breached

Chipotle Mexican Grill confirmed it found payment-information stealing malware on its systems at locations across the country.

Chipotle disclosed the incident April 25, but recently released additional details about the investigated conducted by unnamed cybersecurity firms. They found malware designed to find track data—the payments details like names, credit card numbers and verification codes—on point-of-sales systems between March 24 through April 18.

Customers can look up if the malware affected stores they frequent, but the malware was located in at least 48 states. A company spokesman told Reuters the breach affected “most” of its restaurants.

They also detected the malware at seven locations of Pizzeria Locale, an affiliated company.

“During the investigation, we removed the malware, and we continue to work with cybersecurity firms to evaluate ways to enhance our security measures,“ the Chipotle statement said. Law enforcement is also investigating the incident.