More trouble for Chipotle: The chain said Friday that customer data including credit card information has been breached in a hack affecting most of its stores. According to UPI, the company found malware tracking credit card numbers, expiration dates, and verification codes between March 24 through April 18. Among other things, this type of information can be used by hackers to make "clone" credit cards or remove money from debit-linked accounts, a security expert with the Privacy Rights Clearinghouse tells NBC News.
The hack affected stores in 47 states and Washington, DC, as well as a few locations in Canada, though it remained unclear just how many customers might have been compromised. In a statement, the company said it removed the malware and continues "to work with cyber security firms to evaluate ways to enhance our security measures.” It also asked its customers to keep an eye on their own credit card statements for suspicious purchases. The news comes as Chipotle is trying to recover from a string of PR messes, including an E. coli scare. (More Chipotle stories.)