Print Page  |  Close Window

Press Release

Chipotle Mexican Grill Reports Findings from Investigation of Payment Card Security Incident

DENVER--(BUSINESS WIRE)--May 26, 2017-- Chipotle Mexican Grill (NYSE:CMG) is providing further information about the payment card security incident that the company previously reported on April 25, 2017. The information comes at the completion of an investigation that involved leading cyber security firms, law enforcement, and the payment card networks.

The investigation identified the operation of malware designed to access payment card data from cards used on point-of-sale (POS) devices at certain Chipotle and Pizzeria Locale restaurants between March 24, 2017 and April 18, 2017. The malware searched for track data (which sometimes has cardholder name in addition to card number, expiration date, and internal verification code) read from the magnetic stripe of a payment card as it was being routed through the POS device. There is no indication that other customer information was affected. Lists of affected Chipotle and Pizzeria Locale restaurant locations and specific time frames are available at www.chipotle.com/security and www.pizzerialocale.com/security, respectively. Not all locations were involved, and the specific time frames vary by location.

Customers that used a payment card at an affected location during its at-risk time frame should remain vigilant to the possibility of fraud by reviewing their payment card statements for any unauthorized activity. Customers should immediately report any unauthorized charges to their card issuer because payment card rules generally provide that cardholders are not responsible for unauthorized charges reported in a timely manner. The phone number to call is usually on the back of the payment card.

During the investigation, Chipotle removed the malware and continues to work with cyber security firms to evaluate ways to enhance its security measures. In addition, Chipotle continues to support law enforcement’s investigation and is working with the payment card networks so that the banks that issue payment cards can be made aware and initiate heightened monitoring.

If customers have questions regarding this incident, they can visit www.chipotle.com/security or www.pizzerialocale.com/security, as applicable, or call 1-888-738-0534 Monday through Friday between the hours of 9:00 a.m. and 9:00 p.m. ET (closed for Memorial Day). During Memorial Day weekend, customers may call Saturday and Sunday, 9:00 a.m. to 5 p.m. ET.

ABOUT CHIPOTLE

Steve Ells, Founder, Chairman and CEO, started Chipotle with the idea that food served fast did not have to be a typical fast food experience. Today, Chipotle continues to offer a focused menu of burritos, tacos, burrito bowls, and salads made from fresh, high-quality raw ingredients, prepared using classic cooking methods and served in an interactive style allowing people to get exactly what they want. Chipotle seeks out extraordinary ingredients that are not only fresh, but that are raised responsibly, with respect for the animals, land, and people who produce them. Chipotle prepares its food using only real, whole ingredients, and is the only national restaurant brand that uses absolutely no added colors, flavors or other industrial additives typically found in fast food. Chipotle opened with a single restaurant in Denver in 1993 and now operates more than 2,300 restaurants. For more information, visit Chipotle.com

Source: Chipotle

Chipotle
Chris Arnold
carnold@chipotle.com