X

Chipotle's latest bug hurts your wallet, not your stomach

The Mexican food chain tells its customers Friday that their credit card information has been stolen by hackers.

Alfred Ng Senior Reporter / CNET News
Alfred Ng was a senior reporter for CNET News. He was raised in Brooklyn and previously worked on the New York Daily News's social media and breaking news teams.
Alfred Ng
gettyimages-502276080.jpg

Chipotle says it's working with law enforcement to figure out who's behind the breach.

SAUL LOEB/AFP/Getty Images

The guac is extra -- and apparently, so is the hack.

Chipotle warned its customers on Friday that it suffered a breach between March 24 and April 18 on its sales system. Hackers stole troves of credit card information from customers, as well as the victims' names

"Customers that used a payment card at an affected location during its at-risk time frame should remain vigilant to the possibility of fraud," Chipotle said in a statement.

The thieves infected Chipotle and Pizzeria Locales across the country in Colorado, Kansas, Missouri and Ohio. You can look up your local Chipotle here to see if it had been hacked and your local Pizzeria Locale here. Not every affected Chipotle location has been found yet, the company said.

The two chain restaurants removed the malware during their investigation and are still working with police, cybersecurity companies and credit card networks to prevent the issue from happening again.

Chipotle announced that the restaurant and its customers had been breached on April 25, one week after the malware ended.

The hack is a different kind of bug for Chipotle, which faced a national scandal in 2016 after a norovirus outbreak caused closings across the US and widespread illness. Chipotle is only the latest in a rash of cyberattacks on points-of-service systems.

In 2013, Target lost 20 million of its users accounts after hackers stole credit card data from the company. Countless hotels have also been hit by cybertheives looking for stashes of credit cards.