The hack was announced Friday and impacts more than 30 locations in the Tri-State area.
|The Campbell County YMCA. This is an advertisement.|
The hacker malware could access track data such as cardholder names, numbers, expiration date and internal verification codes, according to a statement from the company.
The time frame of the hack varies by location, but most restaurants were impacted between March 25 and April 18 of 2017.
Most of its 2,249 restaurants were affected, said company spokesperson Chris Arnold.
"Because of the nature of the incident and the data involved, we lack sufficient information to determine how many unique payment cards may have been involved," he said.
The company has been working hard to rebound from food safety issues in 2015 that resulted in a sales drop. The company has since been climbing back, with its stock up to $480.15 on Friday. On January 4th, the first trading day of the year, Chipotle stock traded for $381 a share.
The company said consumers should check their credit card statements for unauthorized activity and report unauthorized charges to the card issuer. "Payment card rules generally provide that cardholders are not responsible for unauthorized charges reported in a timely manner."
Chipotle said it's working with cyber security firms to evaluate ways to enhance security measures. In addition, "we...are working with the payment card networks so that the banks that issue payment cards can be made aware and initiate heightened monitoring."
All 14 Chipotle locations in the city of Cincinnati were impacted. Other local stores include:
Kentucky: Covington, Crescent Springs, Erlanger, Florence, Highland Heights, Newport
Ohio: Blue Ash, Dayton, Evendale, Fairfax, Fairfield, Forest Park, Hamilton, Harrison, Kettering, Liberty Township, Mason, Miamisburg, Milford, Norwood, Springboro, Springdale, West Chester
Indiana: Aurora, Speedway