Chipotle Mexican Grill has confirmed its Riverhead location was among those affected by a security breach that occurred a between March 27 and April 18.
Customers who made purchases with credit or debit cards during that period are urged to review their bank statements and immediately report any unauthorized charges to local law enforcement, according to a statement on Chipotle’s website.
The company announced details about the security breach May 26, according to media reports. Chipotle’s website states the incident was first publicly disclosed April 25.
Chipotle, which has more than 2,000 locations and opened in Riverhead on Route 58 about a year ago, reportedly removed the malware during the investigation and has continued to work with cybersecurity firms to evaluate ways to enhance security measures.
The malware searched for data that could include the cardholder’s name, card number, expiration date and internal verification codes read from the card’s magnetic stripe, the company stated.
“There is no indication that other customer information was affected,” according to Chipotle’s website.
The restaurant company’s debit and credit card readers used magnetic strips instead of chip readers. Asked if the security breach could have been prevented if chip readers were in place, Chipotle spokesman Chris Arnold said in email, “EMV, or what people call chip and PIN, is not a security solution and does not stop malware attacks.”
“We are continuing to work with security experts to enhance security of our systems,” he added.
Photo: Chipotle on Route 58 in Riverhead. (Credit: Kelly Zegers)