The attack pulled data off the magnetic strips of credit cards used in physical Chipotle locations around the US. The company has not said how many customers were affected, though it offered a searchable list of locations that were actually hit in the attack, including the dates each restaurant was vulnerable. Some were compromised for about a week, and others for the full four weeks. If you swiped a credit card at a Chipotle in March or April, check out the list of affected restaurants right here.
"Because of the nature of the incident and the type of data involved, we do not know how many unique payment cards may have been involved," Chipotle spokesperson Chris Arnold told Engadget.
As Reuters notes, Chipotle is not offering credit monitoring services to compromised customers. The company said monitoring services don't alert customers when a fraudulent charge is made in their name.
"Chipotle takes this kind of issue very seriously, and we regret any inconvenience or concern it may have caused," Arnold told Engadget. "To help prevent a similar incident from recurring, we have resolved the issue and continue to work with cyber security firms to evaluate ways to enhance our security measures."