Chipotle Mexican Grill is notifying customers of a data breach that may have compromised their credit card and debit card information after it learned that its payment processing system was hacked.
According to reports, the popular fast-casual chain assured investors on Tuesday that it had implemented additional security measures, which it believes stopped the “unauthorized activity” on its network.
In a statement posted on its website, Chipotle said it’s investigating card transactions at its restaurants that occurred from March 24, 2017, through April 18, 2017.
Chipotle said its currently working with cyber security firms, law enforcement and its payment processor to uncover additional information about the data breach.
“We anticipate notifying any affected customers as we get further clarity about the time frames and the restaurant locations that might have been affected,” said the company.
Notice of Data Security Incident
In the meantime, Chipotle is advising customers to closely monitor their payment card statements for suspicious activity.
“If anyone sees an unauthorized charge, they should immediately notify the bank that issues the card,” read the statement. “Payment card network rules generally state that cardholders are not responsible for such charges.”
Tim Erlin, vice president at Tripwire, told the International Business Times:
“While we may have become numb to these breaches, criminals continue to target point of sale terminals. As long as credit card data continues to be valuable on the black market, any company collecting or processing valid credit card information will continue to be a high value target.”
The news comes just as the company had appeared to recover financially from impacted sales after an E. coli outbreak in 2016.
The Denver, Colorado-based company reported a 17.8 percent increase in sales in the first quarter of 2017 compared to the same period last year.