Chipotle Breach Includes Bethesda, Chevy Chase Locations

BETHESDA, MD — Malware was used to steal customer payment data over a three-week period this spring from Chipotle restaurants across the country, and locations in Bethesda and Chevy Chase were among those affected.

Customer information was compromised from transactions that occurred between March 24 and April 18, the company said in a news release.

The malware used the magnetic stripe of payment cards to access information like cardholder name, card number, expiration date and internal verification code, according to a statement from Chipotle.

"It is always advisable to remain vigilant to the possibility of fraud by reviewing your payment card statements for any unauthorized activity," Chipotle said in a statement. "You should immediately report any unauthorized charges to your card issuer because payment card rules generally provide that cardholders are not responsible for unauthorized charges reported in a timely manner." Phone numbers for credit companies are usually on the back of the cards.

Chipotle said that the malware has since been removed, and no other customer information was stolen. The company provided a list of locations that were affected by the breach on its website.

These locations were impacted:

• 7600 Old Georgetown Road, Bethesda; March 25–April 18
• 7101 Democracy Boulevard, Bethesda; March 26–April 18
• 10400 Old Georgetown Road, Bethesda; March 26 to April 18
• 74471 Willard Avenue, Chevy Chase; March 26 to April 18

See all Maryland locations affected by the data breach.

— By Patch editors Mike Carraggi and Elizabeth Janney

Patch file photo.