Credit card stealing malware hits dozens of MN and WI Chipotle locations

Body: 

Chipotle restaurants announced that a cybersecurity allowed hackers to gain access to customer credit card data at a majority of its locations, including more than 80 Minnesota and Wisconsin restaurants.

The Denver-based burrito chain said Friday that the majority of its locations across the country were victims of malware, which allowed hackers to search credit card information, such as cardholder names, expiration dates and verification codes.

In a statement, Chipotle said it had removed malware that was active between March 24 through April 18.

Restaurants affected include two Woodbury and Maplewood locations, as well as stores in Cottage Grove, Hastings, Rosemount, Oak Park Heights and Hudson, Wis.

The security breach also impacted about a dozen Minneapolis and St. Paul restaurants and several more across the metro area and greater Minnesota.

Chris Arnold, a spokesperson for Chipotle, said the number payment cards that were affected is difficult to confirm.

“Because of the type of data involved, we lack sufficient information to determine how many unique individuals’ payment card data may have been involved,” he said in an email.

The company said it will continue to work with cybersecurity firms to "evaluate ways to enhance its security measures."

More information about affected locations is available on Chipotle's website. The company said specific time frames differ from various locations.

Customers who used credit cards at the listed locations are urged to review billing statements and report suspected fraud or misuse to the card issuer and law enforcement.

Impacted consumers can also contact the Federal Trade Commission or the state attorney general’s office.