All Capital Region locations of Chipotle Mexican Grill were affected by the computer security breach that hit the national fast-casual restaurant chain earlier this spring.
The company reported the credit card security incident April 25. It indicated that malware may have exposed cardholders’ names, card numbers, expiration dates and verification codes through point-of-sale credit card readers.
After an investigation that involved cybersecurity experts, law enforcement personnel and payment card networks, the company said there is no indication other customer information was affected.
The situation existed for the following periods at these Chipotle locations:
- 22 Clifton Country Road, Clifton Park, April 11-18
- 105 Wolf Road, Colonie, March 26-April 18
- 1475 Western Ave., Guilderland, March 26-April 18
- 2 Wade Road, Latham, March 24-April 18
- 441 Balltown Road, Niskayuna, March 26-April 18
- 3057 State Route 50, Wilton, March 25-April 18
The company said it has removed the malware and is looking for ways to improve its security measures.
It also reminded the public of standard precautions against financial crime:
- Reviewing credit card statements for unauthorized charges, which generally are not the responsibility of cardholders, if reported promptly.
- Obtaining a credit report from one of the three nationwide credit reporting agencies — Equifax, Experian and TransUnion; everyone is entitled to one free report per year.
- Contacting the Federal Trade Commission and/or state Attorney General’s Office if identity theft is suspected, as well as local police.
- Placing a fraud alert on your credit file with one of the three agencies, which will alert the other two; this is free.
- Placing a security freeze on your credit file with each of the three agencies individually; this may involve fees.