Holy Guacamole! – Chipotle Hit With Data Breach


Chipotle Mexican Grill Inc. has had a rough couple of years, however, it looked to be rebounding from an E.coli outbreak and other food safety issues that started in 2015. But, the burrito barons, the largest fast casual restaurant in the world with a $13.84 billion market capitalization according to Bloomberg data, can’t seem to stay away from drama and this time it comes in the form of a data breach.

The fast casual restaurant chain recently announced that it discovered unauthorized access to its payment card systems. Chipotle is investigating network activity from March 24, 2017 through April 18, 2017. 

Dana Simberkoff, chief compliance and risk offer at AvePoint Inc. in Jersey City, N.J., said that Chipotle isn’t alone. They are in the “unenviable company of organizations—a list that seems to grow weekly, if not daily—that are reporting data breaches.” 

Recently New Mexico became the 48th state to require companies to notify individuals affected by a data breach, leaving only South Dakota and Alabama without a breach notice law. State breach notice laws add extra scrutiny on companies across multiple jurisdictions, Simberkoff said. There are greater “consequences of failure” to secure valuable data due to increased post-breach scrutiny by regulators and the government, Simberkoff said. 

Other quick food eateries have faced data breaches. McDonald’s Corp. and friend chicken giant Kentucky Fried Chicken Corp. both announced they were hit by separate data security incidents. Neither have seen class suits relating to the breaches so far.

But another fast food mainstay has seen litigation. The Wendy’s Co. must face class claims from financial institutions over an alleged data breach that hit consumers Oct. 22, 2015 through March 10, 2016. That case is still pending.


Maybe hackers have a special hankering for fast food. Guac not included.