Lawsuit blames lax security at Chipotle for breach

June 12, 2017 11:23 PM

I got a really interesting email in my inbox today. It was from a lawyer who just filed a class-action lawsuit against Chipotle. The restaurant chain had a major data breach affecting locations here in Rochester and across the country. The fact that Chipotle s now facing numerous lawsuits is not surprising. It's the reason the lawsuit says Chipotle is to blame that peaked our interest, and took me on the hunt for answers.

Chipotle leaders say when you swiped your credit or debit card, thieves used malware to swipe important information from the magnetic stripe of your card, your name, credit card number, expiration date, and verification code. All that information is embedded in that magnetic stripe and it does not change -- making it easy for thieves to clone your card and take your money.

Advertisement – Content Continues Below

Chip technology is different. When you insert your card into a chip reader, your chip card creates a unique transaction code that cannot be used again -- making it difficult for thieves to get your card information. But according to the lawsuit, Chipotle does not have chip readers. And the lawsuit says, “The defendant (Chipotle) exposed customers to greater damages by... failing to implement chip-based technology..."

If you used your card at the following four Rochester-area locations in late March to mid-April, thieves may already have your credit card information.

Address Dates

640 Jefferson Road, Rochester 3/25/2017–4/18/2017

1847 Ridge Road West, Rochester 3/26/2017–4/18/2017

1495 East Ridge Road, Rochester 3/26/2017–4/18/2017

1360 Mount Hope Ave, Rochester 3/26/2017–4/18/2017

I emailed Chipotle about the lawsuit. A spokesman told me the company can't comment on pending litigation, but they take security very seriously. This breach could potentially be very costly for the restaurant chain. Businesses in the U.S. were given until October 1st, 2015 to upgrade to chip technology. If they failed to do so, the business is then on the hook if a breach occurs. 

Chipotle leaders confirm they're working with cyber security firms to enhance security. If you have questions about the breach, you can contact Chipotle directly at 1-888-738-0534. 

If you used plastic at one of the affected restaurants, here's Deanna’s Do List:

1. Check your online statements every day.  You have to be vigilant.

2. Report any suspicious activity to your credit card issuer/bank immediately.

3. Report suspected identity theft to the Federal Trade Commission.

4. Consider placing a fraud alert or freeze on your credit file.  You can do that by phone, mail or online.

Equifax, PO Box 740256, Atlanta, GA 30374,, 1-800-685-1111

Experian, PO Box 9554, Allen, TX 75013,, 1-888-397-3742

TransUnion, PO Box 2000, Chester, PA 19016,, 1-800-680-7289


Deanna Dewberry

Copyright 2017 - WHEC-TV, LLC A Hubbard Broadcasting Company

Relay Media Amp

We no longer have Facebook comments on this site. Please visit our Facebook Page to join the conversation.