People who ate at Chipotle in March or April may get a new debit card

RICHMOND, Va. – At least one local bank will issue customers new debit cards after a recent Chipotle data breach.

Chipotle Mexican Grill announced on April 25 that a data security breach had occurred between March 24 and April 18, 2017.

Virginia Credit Union recently notified customers whose debit card numbers “may be vulnerable to potential fraud.” The banks said the vulnerability “is likely due to the card compromise at Chipotle that has been recently reported.”

The bank also emphasized that bank cards were being issued over the possibility of fraudulent activity, not necessarily because client cards were involved in fraudulent activity.

Chipotle contacted cyber security firms and law enforcement after they said they detected unauthorized activity on the network that supports payment processing for purchases made in their restaurants.

“We anticipate providing notification to any affected customers as we get further clarity about the specific time frames and restaurant locations that may have been affected,” said a company representative in a released statement (see in full, below).

Chipotle recommended consumers closely monitor payment card statements. If anyone notices unauthorized charges they are asked to notify their bank.

VACU advised clients to regularly review statements and account information, using online and mobile banking. They also advised clients who provided their card number to companies for automatic drafts (such as EZ Pass, internet service, etc.), to contact them with the new card number and expiration date when the card is received.

Navy Federal Credit Union said they had not seen any accounts affected at this time. A Bank of America representative said they “couldn’t comment on a particular merchant or location,” but that they “constantly monitor customers’ accounts for fraud and, if we believe a customer’s account may have been compromised at a third-party location, we’ll notify the customer and reissue the card.”

Chipotle’s full statement, from April, is below:

We want to make our customers aware that we recently detected unauthorized activity on the network that supports payment processing for purchases made in our restaurants. We immediately began an investigation with the help of leading cyber security firms, law enforcement, and our payment processor. We believe actions we have taken have stopped the unauthorized activity, and we have implemented additional security enhancements. Our investigation is focused on card transactions in our restaurants that occurred from March 24, 2017 through April 18, 2017. Because our investigation is continuing, complete findings are not available and it is too early to provide further details on the investigation. We anticipate providing notification to any affected customers as we get further clarity about the specific time frames and restaurant locations that may have been affected.