Most Chipotle Restaurants Hacked with Credit Card Stealing Malware

NEW YORK — A cybersecurity attack that hit most Chipotle restaurants allowed hackers to steal credit card information from customers, the burrito chain confirmed.

The company first acknowledged the breach on April 25. But a blog post on Friday revealed the kind of malware used in the attack and the restaurants that were affected.

The list of attacked locations is extensive and includes many major U.S. cities. When CNNMoney asked the company Sunday about the scale of the attack, spokesman Chris Arnold said that “most, but not all restaurants may have been involved.”

Chipotle said in its blog post that it worked with law enforcement officials and cybersecurity firms on an investigation.

The breaches happened between March 24 and April 18. The malware worked by infecting cash registers and capturing information stored on the magnetic strip on credit cards, called “track data.” Chipotle said track data sometimes includes the cardholder’s name, card number, expiration date and internal verification code.

The company said there is “no indication” that other personal information was stolen.

“During the investigation we removed the malware, and we continue to work with cyber security firms to evaluate ways to enhance our security measures,” the blog post reads.

A list of the restaurants and times they were affected can be found on Chipotle’s website.

A section gives information California residents can use to understand what to do as a victim of the data breach. Some local stores Chipotle says were affected and the dates they were attacked include:

Auburn
2845 Bell Road, 95603 from 3/27/2017 to 4/18/2017

Citrus Heights
5851 Sunrise Blvd., 95610 from 3/25/2017 to 4/18/2017

Davis
227 E STREET, 95617 from 3/25/2017 to 4/18/2017

Elk Grove
7440 Laguna Blvd. #124, 95758 from 3/24/2017 to 4/18/2017

Fair Oaks
5223 Hazel Avenue, 95628 from 3/27/2017 to 4/18/2017

Folsom
2379 Iron Point Road Ste B, 95630 from 3/25/2017 to 4/18/2017
1001 E Bidwell Suite 106, 95630 from 3/25/2017 to 4/18/2017

Modesto
3401 Dale Road, Suite 650, 95356 from 3/25/2017 to 4/18/2017
1801 Mchenry Avenue, Ste B, 95350 from 3/27/2017 to 4/18/2017

Placerville
3987 Missouri Flat Road, Suite 390, 95667 from 3/25/2017 to 4/18/2017

Rancho Cordova
2878 Zinfandel Drive, 95670 from 3/25/2017 to 4/18/2017
2350 Sunrise Blvd, Ste 3, 95670 from 3/27/2017 to 4/18/2017

Rocklin
5194 Commons Drive, 101, 95677 from 3/27/2017 to 4/18/2017

Roseville
781 Pleasant Grove Blvd., Ste 140, 95678 from 3/25/2017 to 4/18/2017
3988 Douglas Blvd. #140, 95661 from 3/25/2017 to 4/18/2017
1136 Galleria Blvd #160, 95678 from 3/25/2017 to 4/18/2017

Sacramento
5738 Folsom Blvd, 95819 from 3/25/2017 to 4/18/2017
5040 Auburn Blvd., 95841 from 3/25/2017 to 4/18/2017
3830 Truxel Road, Suite 300, 95833 from 3/25/2017 to 4/18/2017
3328 El Camino Ave., 95821 from 3/25/2017 to 4/18/2017
2517 Fair Oaks Blvd, 95825 from 3/25/2017 to 4/18/2017
1831 Capitol Ave., 95814 from 3/25/2017 to 4/18/2017
1729 Howe Ave., 95825 from 3/25/2017 to 4/18/2017

Stockton
4940 Pacific Ave., 95207 from 3/25/2017 to 4/18/2017
10710-A Trinity Parkway, 95219 from 3/27/2017 to 4/18/2017

Vacaville
1620 E Monte Vista Ave., Suite 101, 95688 from 3/27/2017 to 4/18/2017

West Sacramento
775 Ikea Court, 95605 from 3/25/2017 to 4/18/2017

Yuba City
1005 Gray Avenue, 95993 from 3/25/2017 to 4/18/2017

The company recommended that customers scan their credit card statements for potentially fraudulent purchases. It also said victims should contact the Federal Trade Commission, the attorney general in their home states or their local police department.