Skip to main content

Chipotle's payment systems were hacked – see if the one you go to was hit

Malware got into the register and card payment systems and scraped up info.

Chipotle has more details about the possible hack it discovered last month.

The restaurant chain said Friday some of its point-of-sale systems – the industry term for the cash register and card reader – were infected with malware. That malware would search for data that came off a card's magnetic strip (such as the card number, expiration date, and internal verification code) as it was sent through the system.

This attack seems to have taken place between March 24 and April 17. Chipotle first alerted the public to possible issues on April 26. The company says there's no indication any additional customer information was taken.

The malware has since been cleaned out of the systems, and Chipotle has been working with cybersecurity firms and law enforcement as it investigates.

Was your Chipotle affected?

Chipotle did not reveal exactly how many stores were affected. But the company has a website to see which locations were vulnerable.

Go to, and scroll down to the bottom of the page. There you can pick a state, then select cities within that state. Any stores Chipotle knows were attacked it lists right there, along with the date range the malware was active.

We counted 42 cities in Minnesota on the list – some have more than one affected Chipotle location.

There are 42 states on Chipotle's list. Another restaurant chain it owns, Pizzeria Locale, was also hit with the malware, but there are none of those in Minnesota.

Keep an eye on your bank account

If you went to a Chipotle during that time frame mentioned above, watch your credit/debit card account.

Any charge that you didn't make, call your bank immediately – the number for that is usually on the back of the card.

Chipotle is also giving a heads-up to banks so they can be aware of possible issues.

Next Up

Kwesi Adofo-Mensah

Here’s what the Vikings owners say about new GM Kwesi Adofo-Mensah

The Vikings announced his hiring on Wednesday night.

raiaing canes brooklyn park crop

After 3-month delay, newest Twin Cities Raising Cane's opens

The restaurant was originally scheduled to open in October.

st anthony armed robbery screengrab

Armed man robs Twin Cities thrift store, flees in carjacked pickup

He pulled out a handgun shortly after chatting with the cashier about his scarf.

red wing 6

Gallery: Pagoda-inspired home on Lake Pepin for sale for $2M

The home has 425 feet of private shoreline on the Mississippi River.

Walz, Flanagan

Walz proposes legalizing marijuana in massive supplemental budget

It's among the provisions in his "Budget to Move Minnesota Forward."

Plow 2 (1)

Photos reveal damage from gunshots to Minneapolis snowplow

A hydraulic line and three tires were damaged in the shooting.

unsplash - school classroom students

Minneapolis schools confirm return to in-person teaching Monday

The school district shifted to online learning almost two weeks ago as rising COVID cases led to staff and bus driver shortages.

Flickr - Superior National Forest Boundary Waters

Mineral leases for proposed Twin Metals mine near Boundary Waters canceled

A review by the DOI found "significant legal deficiencies" with the leases' 2019 renewal.


Reward to find person who left kittens to die in freezing WI cold

The cats were thrown from a vehicle, according to a witness.

metro mobility bus

Charges: Man led police on multi-city pursuit in stolen Metro Mobility bus

The bus had been left unattended with the keys inside when it was stolen.

Bell Ramsey Co. Jan 22 - crop

Charges: Man fatally shot mother of his child during argument

Officers found her on the ground outside the couple's home.


Minnesota's COVID-19 update for Wednesday, January 26

More than 15,000 new cases in today's update.


Watch out for this Netflix 'payment declined' phishing email scam

The message looks legitimate, and tries to trick users into giving up credit card info,

Computers at Minnesota's Tettegouche State Park were hit with malware

Anyone who used a credit card at the park in late August should be alert.

How big a deal is this hack of Minnesota government and MSU Moorhead servers?

Email addresses, encrypted passwords, user IDS – what someone could do with the information.

Update: Explore Minnesota's Facebook hack nightmare is over

But why was the tourism agency targeted? And how did someone take control?

5 things you should take away from the Explore Minnesota Facebook page hack

What you should (and shouldn't) do to keep your accounts safe.

Yahoo is dealing with another hack, this one affects a billion accounts

The company believes this is separate from the last hack that affected 500M.

Forever 21 says it was probably hit by a data breach

If you bought something there with a card, this might affect you.