Fast-food chain Chipotle Mexican Grill has confirmed the source of the malware that afftected "most" of its stores across the nation by a cyberattack in which thousands of customer's credit card information was stolen earlier this year.


"The malware searched for track data (which sometimes has cardholder name in addition to card number, expiration date, and internal verification code) read from the magnetic stripe of a payment card as it was being routed through the POS device," Chipotle in a statement on their website. "There is no indication that other customer information was affected."

The attack was verified by the company on April 25 and an investigation was opened that involved private cybersecurity firms, law enforcement agencies, and the afflicted payment networks. The Denver-based chain released a tool that allows concerned customers to view where affected stores were located and if they had purchased from compromised branches. Affected customers are advised to inspect bank statements for suspicious activity and are encouraged to file complaints with the Federal Trade Commission if there is a discrepancy tied to Chipotle in their finances.

A quick survey of the database reveals that every state that Chipotle operates in had restaurants that were breached. This comes of the heels of an extremely well-publicized public health scare for the Tex-Mex chain in which several outbreaks of E. coli damaged their reputation and stock prices for months on end.