Fans of Chipotle may feel ill after hearing the latest news about the restaurant chain.
But this isn’t about the food: Hackers used malware to steal customer payment data from most of Chipotle Mexican Grill’s restaurants over a span of three weeks earlier this year, the company announced Friday.
That includes five Chipotle locations around Wichita that were breached between March 25 and April 18: 7130 W. Maple, 535 S. Rock Road, 515 N. Hillside, 3015 N. Rock Road and 2241 N. Maize Road.
The Chipotle in Derby was also breached between March 27 and April 18.
Stolen data included account numbers and internal verification codes. The malware has since been removed.
The information could be used to drain bank accounts, make “clone” credit cards or buy things on certain less-secure online sites, said Paul Stephens, director of policy and advocacy at the nonprofit Privacy Rights Clearinghouse.
An investigation into the breach found the malware searched for track data from the magnetic stripe of payment cards. A handful of Chipotle restaurants in Canada were also hit by the hackers.
Chipotle is not offering credit monitoring or notifying affected customers directly, as many other chains have in the past.
Chipotle restaurants in Lawrence, Manhattan and the Kansas City metropolitan area were also hit by the hackers, according to the company.
Contributing: Reuters News Service