60+ Chipotle Locations in Minnesota Hit by Payment Card Malware, Duluth Included

The incident took place over several weeks before the company removed it

DULUTH, Minn – Denver-based company, Chipotle, has provided specific time frames for more than 60 Minnesota locations, after the company was struck with malware that was designed to access payment card data.

In a statement, the company stated the completion of an investigation with law enforcement, payment card networks, and leading cyber security firms. Chipotle indicated that during the investigation they were able to conclude that the incidents occurred at certain restaurants between March 24, 2017 an April 18, 2017. “During the investigation we removed the malware,” Chipotle stated. “And we continue to work with cyber security firms to evaluate ways to enhance our security measures.”

The malware took information from point-of-sale devices, tracking data such as the cardholder’s name, card number, expiration date, and internal verification code, from the magnetic strip on customer’s credit and debit cards. Chipotle made no mention of who may have been behind the attack.

Chipotle is urging its customers to review their billing statements if they used their payment cards at any of the affected restaurants with in the time frame listed above for evidence of fraudulent activity.

The Duluth location at 1600 Miller Trunk Hwy was included in the list of affected restaurants. The Star Tribune reports that 10 locations in Minneapolis, three in St. Paul and dozens of suburbs in the metro area were also affected.

Chipotle has provided resources to those experiencing fraudulent activity related to this incident, as well as a search tool for specific affected locations. You can find all this at https://www.chipotle.com/security#security