This article is more than 1 year old

Chipotle may have banished E coli, but now it has a new infection

Another reason to feel queasy when leaving – bank-card-stealing malware

The last quarter has been a trying one for Mexican fast-food chain Chipotle. People are returning to its restaurants after the great 2015 E coli outbreak, but now customers are being struck by a different kind of virus.

The taco takeaway admitted that it had become the latest victim of what sounds like classic cash register malware. The infection occurred between March 24 and April 18 of this year; the guacamole gormandizers haven't specified yet which locations were affected, but it's fair to assume a lot of them were.

The software nasty is the kind that sits in tills, takes a copy of bank cards swiped through for payment, and siphons off the data to crooks so they can clone the cards and blow victims' accounts.

"We recently detected unauthorized activity on the network that supports payment processing for purchases made in our restaurants," said the burrito baristas in a statement this week.

"We immediately began an investigation with the help of leading cyber security firms, law enforcement, and our payment processor. We believe actions we have taken have stopped the unauthorized activity, and we have implemented additional security enhancements.

"Because our investigation is continuing, complete findings are not available and it is too early to provide further details on the investigation. We anticipate providing notification to any affected customers as we get further clarity about the specific timeframes and restaurant locations that may have been affected."

A few years ago, when this style of credit-card slurping began to appear, companies infiltrated by malware usually offered credit protection services to affected customers. However, that's becoming less common, and the carnitas crew is merely telling chicken wrap scoffers to watch their credit card statements for dodgy purchases.

"Consistent with good practices, consumers should closely monitor their payment card statements. If anyone sees an unauthorized charge, they should immediately notify the bank that issued the card. Payment card network rules generally state that cardholders are not responsible for such charges," the chorizo chuckers said, with the implication "had money stolen? Not our problem." ®

More about

More about

More about


Send us news

Other stories you might like