Chipotle may have been the target of a data breach. The company, which is just starting to recover financially from the impact of a series of food-borne illnesses linked to its restaurants, reported the issue to investors on Tuesday, saying it "detected unauthorized activity on the network that supports payment processing."
Chipotle is investigating credit card transactions made from March 24 through April 18 with cyber security firms, law enforcement, and its payment processor, and said it believes it has stopped the unauthorized activity.
The company has set up a website where it will post updates for customers. A spokesman for Chipotle declined to provide further details on the investigation.
Here is Chipotle's full statement.
We recently detected unauthorized activity on the network that supports payment processing for purchases made in our restaurants. We immediately began an investigation with the help of leading cyber security firms, law enforcement, and our payment processor. We believe actions we have taken have stopped the unauthorized activity, and we have implemented additional security enhancements. Our investigation is focused on card transactions in our restaurants that occurred from March 24, 2017 through April 18, 2017. Because our investigation is continuing, complete findings are not available and it is too early to provide further details on the investigation. We anticipate providing notification to any affected customers as we get further clarity about the specific timeframes and restaurant locations that may have been affected.
Consistent with good practices, consumers should closely monitor their payment card statements. If anyone sees an unauthorized charge, they should immediately notify the bank that issued the card. Payment card network rules generally state that cardholders are not responsible for such charges.
We have a webpage set up where we can provide updates as additional info becomes available.