Local Chipotle branches affected by data breach

Customers at a number of Chipotle restaurant locations across the South Shore may have had their personal information compromised by a data breach earlier this year.

The Mexican restaurant chain released a statement on Monday after an investigation was completed. According to the release, malware designed to access payment data from credit and debit cards was active between March 24 and April 18.

According to Chipotle, the following local restaurants were compromised: 1996 Merrick Road, in Merrick; 2034 Green Acres Mall, in Valley Stream; 1194 Wantagh Avenue, in Wantagh; 3161 Long Beach Road, in Oceanside; 331 Rockaway Turnpike, in Lawrence; and 630 Old Country Road, in Garden City.

According to officials, the malware searched for data that could include the cardholder’s name, card number, expiration date and verification code while cards were processed.

Chipotle officials said that there was “no indication” that other customer information was affected, and during the investigation, the malware was removed.

Chipotle is working with cyber security firms to evaluate and beef-up their security. “We continue to support law enforcement’s investigation and are working with the payment card networks so that the banks that issue payment cards can be made aware and initiate heightened monitoring,” the statement went on to say.

“It is always advisable to remain vigilant to the possibility of fraud by reviewing your payment card statements for any unauthorized activity,” Chipotle added. “You should immediately report any unauthorized charges to your card issuer because payment card rules generally provide that cardholders are not responsible for unauthorized charges reported in a timely manner.”