Chipotle hack hit Cedar Rapids, Iowa City locations

A data breach at Chipotle affected three stores in the Corridor, the chain announced over the holiday weekend.

Chipotle first confirmed a cybersecurity incident in April, but issued new details Friday after the retailer completed an investigation. The company found that malware placed in its system resulted in the theft of payment card data from cards used at cash registers and point-of-sale systems at certain restaurants between March 24 and April 18.

The malware could have stolen cardholder names, card numbers, expiration dates and internal verification codes by reading the magnetic stripe on a credit or debit card. Chipotle said it does not have reason to believe other customer information was stolen.

The three Corridor stores affected were:

l

4444 First Ave. NE, Cedar Rapids

l

2360 Edgewood Rd. SW, Cedar Rapids

l

201 S. Clinton St., Iowa City.

Locations in Davenport, Des Moines, West Des Moines, Ames, Ankeny, Sioux City and Waterloo also were affected.

Customers who bought food from those locations between March 24 and April 18 should monitor their statements and accounts for unauthorized purchases. Iowans worried their identity has been stolen should contact the Federal Trade Commission or the Iowa Attorney General's Office.

Chipotle also has established a phone line to hear customer concerns, at (888) 738-0534, between 8 a.m. and 8 p.m., Monday through Friday, and between 8 a.m. and 4 p.m. Saturday and Sunday.

Chipotle said Friday it has removed the malware from its systems.

l Comments: (319) 398-8366; matthew.patane@thegazette.com