FAIRFIELD COUNTY, Conn. — Chipotle Mexican Grill announced Friday that most of its locations were affected by a credit card breach in which customer payment information may have been stolen.
The breach affected 22 Chipotle locations in Connecticut, including 10 restaurants in Fairfield County.
An investigation identified malware that was used to access data from payment cards used on point-of-sale devices at certain Chipotle restaurants between March 24 and April 18.
The malware searched for data — which sometimes has cardholder name in addition to card number, expiration date, and internal verification code — from the magnetic stripe of a payment card when it was swiped.
There is no indication that other customer information was affected, and Chipotle has removed the malware at the approximately 2,250 restaurants.
The Chipotle locations in Fairfield County that were affected by the breach are:
- Bridgeport: 275 E, Main St., affected March 27 to April 18
- Danbury: 7 Backus Ave., affected March 26 to April 18
- Danbury: 115 Mill Plain Road, affected March 27 to April 18
- Darien: Connecticut Welcome Center I-95 northbound, affected March 26 to April 18
- Darien: 71 Post Road, affected March 26 to April 18
- Fairfield: 340 Grasmere Ave., affected March 26 to April 18
- Greenwich: 49 Greenwich Ave., affected March 26 to April 18
- Riverside: 1233 E. Putnam Ave., affected March 27 to April 18
- Shelton: 701 Bridgeport Ave., affected March 27 to April 18
- Westport: 370 Post Road E., affected March 27 to April 18
Lists of affected Chipotle locations and time frames are available at www.chipotle.com/security . Not all locations were involved, and the time frames vary by location.
Customers with questions can visit www.chipotle.com/security or call 1-888-738-0534 from 9 a.m. to 9 p.m. weekdays and 9 a.m. to 5 p.m. weekends.