Merced Chipotle customers exposed to credit and debit card fraud

If you used a debit or credit card in the last few months to buy food at a Chipotle restaurant, it’s probably a good idea to examine your statement. Hackers tracked payment card data at hundreds of Chipotle restaurants nationwide, including locations in Merced, Turlock and Modesto.

Chipotle Mexican Grill, Inc., first reported a security breach in late April that affected nearly all of its more than 2,000 restaurants. Late last week, the company released more details regarding exactly when certain stores were hacked.

According to the company’s website, the Merced restaurant on R Street was hacked between March 25 and April 8. Two Modesto locations also were affected. The restaurant on Dale Road was hacked between March 25 and April 18 and the McHenry Avenue location between March 27 and April 18. The Turlock store on Countryside Drive was hacked between March 25 and April 18.

In a statement released on its website, the company said an investigation concluded hackers used malware “designed to access payment card data from cards used on point-of-sale (POS) devices.” The information stolen may include the “cardholder name in addition to card number, expiration date, and internal verification code,” the company said.

“It is always advisable to remain vigilant to the possibility of fraud by reviewing your payment card statements for any unauthorized activity,” the company stated. “You should immediately report any unauthorized charges to your card issuer because payment card rules generally provide that cardholders are not responsible for unauthorized charges reported in a timely manner.”

The phone number to call, if you believe your card may have been compromised, typically is found on the back of your payment card.

“During the investigation we removed the malware, and we continue to work with cyber security firms to evaluate ways to enhance our security measures,” the company said. “In addition, we continue to support law enforcement’s investigation and are working with the payment card networks so that the banks that issue payment cards can be made aware and initiate heightened monitoring.

“We regret that this incident occurred and apologize for any inconvenience.”

The company’s website includes information on how to report any suspicious purchases found on your statements.

Merced Police Detective-Sgt. Curt Gorman said police have not received any reports of credit card fraud related to the Chipotle breach, but also said that doesn’t mean Merced customers haven’t been affect.

“A lot of time people don’t make a report, they just handle it through their bank and the bank reverses the charges,” Gorman said Wednesday. “So, it could’ve happened, but, to date, I’m not aware of any reports in Merced.”

It’s unclear whether any police reports had been filed in Modesto or Turlock. Neither police department responded to requests for comment Wednesday.

News of the security breach comes less than two years after a several reported cases of food-poisonings sickened hundreds of people who ate the popular food chain, including at least two cases linked to the store in Turlock on Countryside Drive, the same one affected by the recent security breach.

No such reports were publicly linked to the Merced store.

Chipotle opened its Merced location in March 2014.

This story was originally published May 31, 2017 at 5:18 PM with the headline "Merced Chipotle customers exposed to credit and debit card fraud."