Eat a Chipotle Burrito Recently? You Need to Check Your Bank Account ASAP

Q: What happened in the Chipotle payment system hack?

Attackers accessed the payment network used for in-store card transactions, exposing payment data for purchases made between March 24 and April 18, 2017.

Q: Which Chipotle locations were affected?

Chipotle announced a security incident but provided a list of affected locations in follow-up communications; customers should check official company notices for specifics.

Q: How can I tell if my card was compromised?

Review recent bank and card statements for unfamiliar charges, enable transaction alerts, and contact your card issuer immediately if you spot suspicious activity.

Q: What steps should I take if my card was used fraudulently?

Report unauthorized charges to your bank or card issuer, request a card replacement, and consider monitoring your credit for further signs of identity theft.

Q: Did Chipotle offer any support or remediation for impacted customers?

After detecting the intrusion, Chipotle launched an investigation and provided updates; affected customers were advised to monitor accounts and follow company guidance for reporting issues.

Published by

Clara

Nov 30

Editor’s note: Chipotle Mexican Grill has released additional details about this security incident. For specifics on which locations were impacted and how to submit a claim with the Federal Trade Commission, see the chain’s blog posthere.

Chipotle seems unable to get a break.

Following the Mexican fast-casual chain’s E. coli episode in 2015, the brand has had difficulty generating favorable press.

After Chipotle recently implemented a roughly 5% price increase at about one-fifth of its restaurants nationwide, some customers voiced fresh dissatisfaction.

You could say a dark cloud has hovered over Chipotle for some time now, and this week’s issue certainly doesn’t help: On April 25, Chipotlerevealedthat attackers had infiltrated its payment platform.

Yikes.

Hackers Accessed Chipotle’s Payment Network — Are You Impacted?

The chain’s quarterly earnings call began on a high note. Management said same-store sales rose by 17.8% — a turnaround after five consecutive quarters of declines.

That bit of good news was enough to send Chipotle Mexican Grill shares up by as much as 6.8% following the report.

But the call also included news about the payment-system intrusion.

Chipotle’s chief financial officer, Jack Hartung, said the company “detected unauthorized activity” on the network used to process in-store credit and debit card transactions, per CNBC.

The affected transactions took place between March 24 and April 18, 2017.

Why is this alarming? When a payments network is compromised, sensitive information like card numbers can fall into criminals’ hands, enabling theft from customers’ accounts.

Carissa Economos, a senior at The University of Tampa, shared her unease with me on Facebook.

“I’ve eaten there three times in the past week alone and now I’m kind of freaking out,” Economos said. “I’ve been watching my account and everything looks fine, but it’s wild that such a large company can be breached. It just shows that no matter how protected a system seems, there’s always a way in.”

Hartung said the corporation launched an investigation right away after learning of the incident. Chipotle’s statement noted the company has taken measures it believes will stop further unauthorized activity.

If you visited Chipotle recently, it’s sensible to monitor your bank and card statements. Report any suspicious charges to your financial institution right away.

Hopefully Chipotle’s troubles subside soon — rumor has it it might add a dessert to menus, but I’m not keen on risking my credit card security for a sweet treat.

Also see related coverage on the chipotle coupon apology for more context about recent company communications.

Your turn: Are you concerned about Chipotle’s security breach?