May 30, 2017
Ten Chipotle Mexican Grill restaurants in Philadelphia were among hundreds affected nationwide after credit-card-stealing malware breached the chain's cyber systems earlier in the spring.
The fast-food burrito chain on Friday released a list of which Chipotle restaurants were affected by malware designed to access payment card data and when each location was hacked.
Chipotle said in the news release that the malware had access to data from cards used on point-of-sale devices at most of its restaurants from March 24 to April 18.
In Philly, the following locations were affected, according to the restaurant chain:
• 9173 Roosevelt Ave., March 27-April 18
• The Terminal F Hub at Philadelphia International Airport, March 26-April 18
• 4030 City Ave., March 26-April 18
• 3925 Walnut St., March 28-April 18
• 3400 Lancaster Ave., March 27-April 18
• 2327 Cottman Ave., March 26-April 18
• 1625 Chestnut St., March 26-April 18
• 1512 Walnut St., March 26-April 18
• 1200 Walnut St., March 26-April 8
• 1100 West Montgomery Ave., March 26-April 18
The breach comes more than a year after a slew of E. coli and norovirus outbreaks at Chipotle locations across the country.
The company wrote Friday that the malware searched for track data read from the magnetic stripe of a credit or debit card as it was routed through a POS device. Track data sometimes includes the cardholder's name along with the card number, expiration date and internal verification code.
Cyber security firms, law enforcement and payment card networks collaborated on an investigation into the breach and reportedly found nothing indicating that other customer information was accessed, the company stated.
"We removed the malware, and we continue to work with cyber security firms to evaluate ways to enhance our security measures," the release read. The company also said it is working with payment card networks to make banks aware of the breach.
Customers with questions about the breach can call 888-738-0534 from 9 a.m. to 9 p.m. Monday through Friday and 9 a.m. to 5 p.m. Saturday and Sunday.
See the company's full statement from Friday and a database of locations affected here.