Chipotle has more details about the possible hack it discovered last month.
The restaurant chain said Friday some of its point-of-sale systems – the industry term for the cash register and card reader – were infected with malware. That malware would search for data that came off a card's magnetic strip (such as the card number, expiration date, and internal verification code) as it was sent through the system.
This attack seems to have taken place between March 24 and April 17. Chipotle first alerted the public to possible issues on April 26. The company says there's no indication any additional customer information was taken.
The malware has since been cleaned out of the systems, and Chipotle has been working with cybersecurity firms and law enforcement as it investigates.
Was your Chipotle affected?
Chipotle did not reveal exactly how many stores were affected. But the company has a website to see which locations were vulnerable.
Go to Chipotle.com/security, and scroll down to the bottom of the page. There you can pick a state, then select cities within that state. Any stores Chipotle knows were attacked it lists right there, along with the date range the malware was active.
We counted 42 cities in Minnesota on the list – some have more than one affected Chipotle location.
There are 42 states on Chipotle's list. Another restaurant chain it owns, Pizzeria Locale, was also hit with the malware, but there are none of those in Minnesota.
Keep an eye on your bank account
If you went to a Chipotle during that time frame mentioned above, watch your credit/debit card account.
Any charge that you didn't make, call your bank immediately – the number for that is usually on the back of the card.
Chipotle is also giving a heads-up to banks so they can be aware of possible issues.