Recent Chipotle Security Breach Affected Most Locations, Unknown Number of Customers


  • Photo via Chipotle/Instagram
Last year, Chipotle had an E. coli outbreak to contend with. Now, the chain has reported a data breach that occurred between March and April, affecting numerous locations all over Northeastern Ohio.

Each Cleveland suburb had at least one location compromised, and Cleveland had four.

In a press release, Chipotle explained that since initial news of a security issue broke last month, they've teamed up with cyber security firms, law enforcement and payment card networks to determine how customers may have been affected.

The company examined the nature of the "malware designed to access payment card data from cards used on point-of-sale (POS) devices at certain Chipotle restaurants between March 24, 2017 and April 18, 2017."

This malware could access track data, which can include cardholders' names as well as all the cards' numbers, expiration dates and security codes, through their magnetic strips.

In the release, Chipotle cautioned customers:

"It is always advisable to remain vigilant to the possibility of fraud by reviewing payment card statements for any unauthorized activity. You should immediately report any unauthorized charges to your card issuer because payment card rules generally provide that cardholders are not responsible for unauthorized charges reported in a timely manner."
The scandal-ridden fast food company also urged people who fear they may be victims of identity theft to contact the Federal Trade Commission or their state's Attorney General office (Ohio's here).

Comparatively speaking, two dollars for guac doesn't seem so steep anymore. You can check if you may have been affected at the bottom of this page.

We welcome readers to submit letters regarding articles and content in Cleveland Scene. Letters should be a minimum of 150 words, refer to content that has appeared on Cleveland Scene, and must include the writer's full name, address, and phone number for verification purposes. No attachments will be considered. Writers of letters selected for publication will be notified via email. Letters may be edited and shortened for space.

Email us at

Support Local Journalism.
Join the Cleveland Scene Press Club

Local journalism is information. Information is power. And we believe everyone deserves access to accurate independent coverage of their community and state. Our readers helped us continue this coverage in 2020, and we are so grateful for the support.

Help us keep this coverage going in 2021. Whether it's a one-time acknowledgement of this article or an ongoing membership pledge, your support goes to local-based reporting from our small but mighty team.

Join the Cleveland Scene Press Club for as little as $5 a month.