Kennewick Chipotle may have had credit card data stolen

People who ate at Chipotle Mexican Grill restaurant in Kennewick from March 27 to April 18 should keep an eye on their credit and debit card statements.

Hackers stole customer credit card numbers between March and April from Chipotle locations around the country, the company has announced. Customers can search at www.chipotle.com to see what restaurants were affected on what dates.

Chipotle said the company found malicious software stealing credit card data from its point-of-sale system. Company spokesman Chris Arnold told USA Today that the data breach affected most of Chipotle’s 2,249 restaurants.

Chipotle initially reported the hack on April 25, but the company on Friday released information on just how bad the breach was.

“The malware searched for track data (which sometimes has cardholder name in addition to card number, expiration date, and internal verification code) read from the magnetic stripe of a payment card as it was being routed through the POS device,” the company said in a press release. The time frame for when hackers were able to steal credit card numbers differs by store.

Chipotle said the company was able to remove the malware and “continues to work with cyber security firms to evaluate ways to enhance its security measures.”

This story was originally published May 27, 2017 at 4:18 PM with the headline "Kennewick Chipotle may have had credit card data stolen."