Chipotle Mexican Grill has identified 20 restaurants in the region — including Springfield — that are among hundreds nationwide where customers were exposed to potential fraud, the latest in a long list of national retailers that have been hacked.
The Mexican-restaurant chain continues to investigate the data breach that affected customers using credit or debit cards in April. Its locations were victims of malware designed to access payment card data that was used on point-of-sale devices at Chipotle restaurants.
Other companies that have faced recent cyber-security threats include Arby’s and Target, which just paid $18.5 million for data stolen from 40 million credit and debit cards of shoppers who visited the stores in 2013. The hack cost the company $202 million.
The Chipotle hack happened between March 24 and April 18. The malware searched for track data read from the magnetic stripe of a payment card as it was being routed through the payment device. Customers that used a payment card at an affected location during the at-risk time frame should be aware of the possibility of fraud, the company said.
Impacted Chipotle stores include locations in Springfield, Kettering, Dayton, Centerville, Beavercreek, Huber Heights, Springboro, Troy and Xenia. The company believes it took the proper precautions to stop the breach. This isn’t the first reputation hit for Chipotle in recent years, after the chain restaurant had a flurry of food contamination incidents a couple years ago.
In Springfield, the restaurant at 1930 N. Bechtle Ave. was impacted from April 3 to April 18, according to the company.
Ben Koehler, a Springfield resident, was eating out at the Bechtle Avenue Chipotle on Tuesday afternoon and hadn’t heard of the hack.
“I use cash, but it scares me a little for other people,” he said.
Rachel Lee of New Carlisle was also at the Springfield Chipotle on Tuesday and also hadn’t heard yet about the incident.
“You just have to have your guard up because you never know,” she said.
The breach comes following a sharp increase in sales for Chipotle. Same-store sales grew 17.8 percent in the first quarter. Compared to the first quarter of 2016, revenue increased more than 28 percent to $1.07 billion. The chain also opened up 57 new restaurants.
Cyber security is becoming more important as companies and government entities deal with hacking and cyber security threats. Arby’s, Vera Bradley and Noodles & Company have told customers they were investigating major data breaches.
Cyber crime damages will cost organizations, governments and businesses across the world about $1 trillion annually by 2021, according to the Cybersecurity Ventures marketing firm.
Arby’s is reportedly investigating a major data breach that could impact more than 350,000 credit and debit cards used at the chain restaurant’s locations. Arby’s discovered in mid-January that it suffered a data breach that impacted about 1,000 corporate restaurants. Both Visa and Mastercard users were affected.
In May of last year, Noodles & Company announced a data security breach that may have comprised payment information for some customers — including Ohio residents.
“Noodles & Company takes the security of our guests’ information extremely seriously, and we apologize for the inconvenience this incident has caused our guests,” said Kevin Reddy, chairman and chief executive officer. “We continue to work with third-party forensic investigators and law enforcement officials to ensure the security of our systems on behalf of our guests.”
5 MUST-READ BUSINESS STORIES:
Thank you for reading the Springfield News-Sun and for supporting local journalism. Subscribers: log in for access to your daily ePaper and premium newsletters.
Thank you for supporting in-depth local journalism with your subscription to the Springfield News-Sun. Get more news when you want it with email newsletters just for subscribers. Sign up here.