Chipotle says it's working with law enforcement to figure out who's behind the breach. SAUL LOEB/A
The guac is extra — and apparently, so is the hack.
Chipotle warned its customers on Friday that it suffered a breach between March 24 and April 18 on its sales system. Hackers stole troves of credit card information from customers, as well as the victims’ names
“Customers that used a payment card at an affected location during its at-risk time frame should remain vigilant to the possibility of fraud,” Chipotle said in a statement.
The thieves infected Chipotle and Pizzeria Locales across the country in Colorado, Kansas, Missouri and Ohio. You can look up your local Chipotle here to see if it had been hacked and your local Pizzeria Locale here. Not every affected Chipotle location has been found yet, the company said.
The two chain restaurants removed the malware during their investigation and are still working with police, cybersecurity companies and credit card networks to prevent the issue from happening again.
Chipotle announced that the restaurant and its customers had been breached on April 25, one week after the malware ended.
The hack is a different kind of bug for Chipotle, which faced a national scandal in 2016 after a norovirus outbreak caused closings across the US and widespread illness. Chipotle is only the latest in a rash of cyberattacks on points-of-service systems.