Hackers used malware to access credit and debit card information from Chipotle Mexican Grill customers in Northeast Ohio and across the country in March and April, the company said Friday on its website.
The company advised customers that the breach occurred between March 24 and April 18.
It said it has been working with leading cyber security firms, law enforcement and the payment card networks to determine the scope of the data breach.
Chipotle said the malware searched for track data (which sometimes has cardholder name in addition to card number, expiration date, and internal verification code) accessed from the magnetic stripe of payment cards.
The company advised customers to check their payment card statements for any unauthorized activity and immediately report any suspicious charges to the card issuer.
Chipotle said the malware has been removed and that it reported the incident April 25.
Further information is available at www.chipotle.com/security or by calling 888-738-0534