NEW BRUNSWICK, NJ — Customers who used a card to pay for a meal at Chipotle on George Street this spring might be vulnerable to identity theft, according to the restaurant’s parent company.
Hackers used malware to obtain various personal information from credit or debit cards swiped in most of the burrito chain’s locations, according to an investigation by “leading cyber security firms,” law enforcement and payment card networks. In New Brunswick, the security breach occurred from March 26 through April 18.
The malware attempted to seize “track data,” which may include the cardholder’s name, card number, expiration date and internal verification code, according to Chipotle.
The malware gleaned this information from the magnetic stripe of a credit or debit card as it was slotted through a point-of-sale device, restaurant officials said.
“During the investigation we removed the malware, and we continue to work with cyber security firms to evaluate ways to enhance our security measures,” Chipotle wrote on its website. “In addition, we continue to support law enforcement’s investigation and are working with the payment card networks so that the banks that issue payment cards can be made aware and initiate heightened monitoring.”
Chipotle customers who might be affected should regularly review their card statements for purchases that they didn’t make. They should also check their credit reports, which can be accessed through information provided on this page.
Chipotle also recommends placing a fraud alert on your credit file. That can “make it more difficult for someone to get credit in your name because it tells creditors to follow certain procedures to protect you,” restaurant officials said.
If you have any questions for Chipotle, you may reach the company at 888-738-0534. The hotline is open between 9 a.m. and 9 p.m. Monday through Friday and 9 a.m. and 5 p.m. during weekends.