Each Cleveland suburb had at least one location compromised, and Cleveland had four.
In a press release, Chipotle explained that since initial news of a security issue broke last month, they've teamed up with cyber security firms, law enforcement and payment card networks to determine how customers may have been affected.
The company examined the nature of the "malware designed to access payment card data from cards used on point-of-sale (POS) devices at certain Chipotle restaurants between March 24, 2017 and April 18, 2017."
This malware could access track data, which can include cardholders' names as well as all the cards' numbers, expiration dates and security codes, through their magnetic strips.
In the release, Chipotle cautioned customers:
"It is always advisable to remain vigilant to the possibility of fraud by reviewing payment card statements for any unauthorized activity. You should immediately report any unauthorized charges to your card issuer because payment card rules generally provide that cardholders are not responsible for unauthorized charges reported in a timely manner."The scandal-ridden fast food company also urged people who fear they may be victims of identity theft to contact the Federal Trade Commission or their state's Attorney General office (Ohio's here).
Comparatively speaking, two dollars for guac doesn't seem so steep anymore. You can check if you may have been affected at the bottom of this page.