Chipotle Affirms Malware Responsible for Security Breach

Chipotle Mexican Grill on Friday provided further information about the payment card security incident that the company previously reported in April.

An investigation involving cybersecurity firms, law enforcement and the payment card networks identified the operation of malware designed to access payment card data from cards used on point-of-sale (POS) devices at certain Chipotle and Pizzeria Locale restaurants between March 24, 2017 and April 18, 2017, the company said.

The malware searched for track data (which sometimes has cardholder name in addition to card number, expiration date, and internal verification code) read from the magnetic stripe of a payment card as it was being routed through the POS device.

The company urged customers that used a payment card at an affected location during its at-risk time frame to remain vigilant to the possibility of fraud by reviewing their payment card statements for any unauthorized activity.