Heartburn for Some Chipotle Customers
PDF Print E-mail


By Eva Velasquez, Executive Director, Identity Theft Resource Center

All you wanted was a burrito, but you may have gotten a side of data breach. Chipotle recently announced that “most of their stores” had been hit by a malware attack that aimed at gathering customers’ payment card information. So should you cry like you just ate some ghost pepper salsa or is this more like a mild pico de gallo? Let’s talk the Chipotle breach.

Do you need to worry?

While you shouldn’t be too scared about the information reportedly lost in this breach, you should be worried that the situation is not unique. If we have said it once we have said it a thousand times, data breaches are not an “if” but a “when” these days. So it should not surprise you that yet another large chain has been hit. While this reality shouldn’t shock you, it should upset you that there is not more of a focus on protecting our personal information.

What can you do about it?

The Information targeted in this breach was credit card information taken from Point of Sale devices. So if you used a card at Chipotle between March 24 and April 18 of this year, keep a close eye on that account for any suspicious charges. If you see one, call your bank, report the fraud, and order a new card. On our website you’ll find more advice about how to respond to a data breach.

Have you ever received a data breach notification letter? 

If you found this information helpful,  please help us by completing a short survey to help us better understand consumers’ concerns when it comes to data breaches.

The ITRC is a non-profit organization established to support victims of identity theft in resolving their cases, and to broaden public education and awareness in the understanding of identity theft, data breaches, cyber security, scams/fraud and privacy issues.