LOCAL

Chipotle data breach included SW Florida customers' credit cards

Jefferson Graham, USA TODAY & Ashley Collins, Naples Daily News
This Monday, Feb. 8, 2016, file photo shows the sign of a Chipotle restaurant in Hialeah, Florida. (AP Photo/Alan Diaz, File)

Chipotle Mexican Grill said Friday that new information on a March-April data breach at its restaurants indicates hackers using malware stole customers' payment information.

Consumers' account numbers, expiration data and verification codes were accessed by the malware from payment card systems at the fast-casual chain over three weeks between March 24 and April 18.

Chipotle said the malware that breached its system has been removed.  

These Southwest Florida locations were identified in the data breach investigation during the following time frames:

  • Mercato, 9100 Strada Place, Unit 2110, North Naples, March 26-April 18.
  • Restaurant Row, 6821 Collier Blvd., 101, East Naples, April 11-18.
  • Coconut Trace, 22941 Lyden Drive, 100, Estero, March 27-April 8.
  • 8061 Dani Drive, 140, Fort Myers, March 27-April 18.
  • 12631 S. Cleveland Ave., Lot B 101, south Fort Myers, March 26-April 18.
  • GCTC, 10010 University Plaza Drive, Suite 102, Fort Myers, March 26-April 18.

Most of the chain's 2,249 restaurants were affected, said company spokesperson Chris Arnold.

"Because of the nature of the incident and the data involved, we lack sufficient information to determine how many unique payment cards may have been involved," he said.

The company has been working to rebound from food safety issues that resulted in a sales drop in 2015. The company since has been climbing back, with its stock up to $480.15 on Friday. On Jan. 4, the first trading day of the year, Chipotle stock traded for $381 a share.

The company said consumers should check their credit card statements for unauthorized activity and report unauthorized charges to the card issuer.

"Payment card rules generally provide that cardholders are not responsible for unauthorized charges reported in a timely manner."

Chipotle said it's working with cyber security firms to evaluate ways to enhance security measures.

In addition, "we ... are working with the payment card networks so that the banks that issue payment cards can be made aware and initiate heightened monitoring."

The company set up a toll-free number, 888-738-0534, to take calls about the breach. For more information, see the Chipotle security web page.