This story was last updated at 11:12 a.m. ET.
Chipotle can’t seem to catch a break.
Following a series of food-safety issues in 2015 and 2016, the company has been hit by another controversy: a security breach that’s affected its chains nationwide.
The company says hackers stole customer payment data from most of its 2,250 restaurants between March 24 and April 18. Reuters reported that the stolen data includes account numbers and internal verification codes — data that can be potentially used to drain debt card accounts or clone credit cards.
David Jones with the software company Irdeto said it’s important to check your accounts — and quickly — if you used a card at Chipotle during this time frame.
“Really, look at the statements and evaluate expenses and makes sure there’s nothing suspicious on there,” he noted.
|Chipotle wants to reward frequent burrito eaters|
|What happened to Chipotle’s unique selling proposition?|
|Chipotle’s E. coli outbreak economics|
Chipotle first announced knowledge of the hacking on April 25, but revealed details of the malware attack and affected locations on Friday.
Andy Gilman, president and CEO of CommCore Consulting Group, said he thinks Chipotle seems to have downplayed this a bit by releasing the information before a holiday weekend.
“The company put out a press release, saying, well, it didn’t seem to be too much. It was only names and credit card information. Well, that’s a lie,” Gilman said.
Going forward, Chipotle may have to pay credit card companies based on the size of the attack and the number of records that were compromised.
“In this case, the card companies will fine Chipotle and also hold them liable for any fraud that results directly from their breach,” Avivah Litan, a vice president at Gartner Inc., told Reuters.
The fast-casual chain’s sales had just been recovering losses caused by various health incidents, including a series of E. coli and norovirus outbreaks. In the first quarter of 2017, same-store sales at restaurants open for over a year increased by 17.8 percent — the first positive sales since the crisis.
Chipotle has created a locator tool that customers can use to see if their restaurant was identified during the investigation, which you can check out here.