Hackers stole credit card information from customers at Chipotle restaurants across the United States between March 24th and April 18th, the company announced today. Chipotle revealed in April that it had been the victim of an attack, and today it shared details about the type of information stolen from customers, which covered "cardholder name in addition to card number, expiration date, and internal verification code." No other information was compromised, Chipotle said.
The attack pulled data off the magnetic strips of credit cards used in physical Chipotle locations around the US. The company has not said how many customers were affected, though it offered a searchable list of locations that were actually hit in the attack, including the dates each restaurant was vulnerable. Some were compromised for about a week, and others for the full four weeks. If you swiped a credit card at a Chipotle in March or April, check out the list of affected restaurants right here.
"Because of the nature of the incident and the type of data involved, we do not know how many unique payment cards may have been involved," Chipotle spokesperson Chris Arnold told Engadget.
As Reuters notes, Chipotle is not offering credit monitoring services to compromised customers. The company said monitoring services don't alert customers when a fraudulent charge is made in their name.
"Chipotle takes this kind of issue very seriously, and we regret any inconvenience or concern it may have caused," Arnold told Engadget. "To help prevent a similar incident from recurring, we have resolved the issue and continue to work with cyber security firms to evaluate ways to enhance our security measures."