available information on competitors and other restaurants. Based on this analysis, including utilization of predictive modeling using proprietary formulas, we determine projected sales and targeted return on investment for each potential restaurant site. We have been successful in a number of different types of locations, such as in-line or end-cap locations in strip or power centers, in regional malls and downtown business districts, free-standing buildings, food courts, outlet centers, airports, military bases and train stations.
For a discussion of risks related to our expansion into new real estate types, see “Risks Related to Our Plans to Improve Our Sales and Profitability and Restore Our Economic Model – Our new restaurants, once opened, may not be profitable, and may adversely impact the sales of our existing restaurants” in Item 1A. “Risk Factors.”
Other Restaurant Concepts
We believe that the fundamental principles on which our restaurants are based – finding better ingredients, preparing them using classic techniques in front of the customer, and serving them in an interactive format with great teams dedicated to providing an excellent dining experience – can be adapted to cuisines other than the food served at Chipotle. Over the previous six years, we’ve explored this idea by investing in innovative concepts such as Pizzeria Locale, a fast-casual pizza restaurant that now has seven restaurants in four states, and Tasty Made, a burger restaurant we opened in Lancaster, Ohio. We also previously operated ShopHouse Southeast Asian Kitchen restaurants, but closed all of the ShopHouse locations in early 2017. In 2018, our focus will remain on thoughtfully growing the Chipotle brand.
We use a variety of applications and systems to securely manage the flow of information within each of our restaurants, and within our centralized corporate infrastructure. The services available within our systems and applications include restaurant operations, supply chain, inventory, scheduling, training, human capital management, financial tools, and data protection services. The restaurant structure is based primarily on a point-of-sale system that operates locally at the restaurant and is integrated with other functions necessary to restaurant operations. It records sales transactions, receives out of store orders, and authorizes, batches, and transmits credit card transactions. The system also allows employees to enter time clock information and to produce a variety of management reports. Select information that is captured from this system at each restaurant is collected in the central corporate infrastructure, which enables management to continually monitor operating results. Our digital ordering system allows guests to place orders online or through our mobile app. Orders taken remotely are routed to the point-of-sales system based on the time of customer order pickup. We also continue to modernize and make investments in our information technology networks and infrastructure, specifically in our physical and technological security measures to anticipate cyber-attacks and prevent breaches, and to provide improved control, security and scalability. Enhancing the security of our financial data, customer information and other personal information remains a priority for us.
In April 2017, our information security team detected unauthorized activity on the network that supports payment processing for our restaurants, and immediately began an investigation with the help of leading computer security firms. The investigation detected malware designed to access payment card data from cards used at the point-of-sale system at most of our restaurants. The malware searched for track data, which may include cardholder name, card number, expiration date, and internal verification codes; however, no other customer information was affected. We removed the malware from our systems and have been working to further enhance the security of our payment card network.
See “General Business Risks—We may be harmed by security risks we face in connection with our electronic processing and transmission of confidential customer and employee information” in Item 1A. “Risk Factors,” as well as Note 10. “Commitments and Contingencies” in Item 8. “Financial Statements and Supplementary Data,” for further discussion of the payment card security incident in 2017, related legal proceedings, and other risks associated with our information systems.
As of December 31, 2017, we had about 68,890 employees, including about 5,020 salaried employees and about 63,870 hourly employees. None of our employees are unionized or covered by a collective bargaining agreement.
Seasonal factors influencing our business are described under the heading “Quarterly Financial Data/Seasonality” in Item 7. “Management’s Discussion and Analysis of Financial Condition and Results of Operations.”