Chipotle Mexican Grill has been the victim of a cyberattack that compromised the credit card payment information for a small number of customers. Many customers have recently posted on social media that orders placed at the restaurant fraudulently used their payment cards during the first few weeks of April.
“The privacy and security of our customer information is very important,” said Laurie Schalow, chief communications officer at Chipotle, according to Mobile Payments Today. “We have no indication of any breach of Chipotle’s databases or systems.”
“We are among the many retail, hotel and restaurant companies affected by credential stuffing, in which combinations of user names and passwords are accessed by third parties and used on websites of different companies to see if they can gain access,” she added.
Schalow further explained that, “through credential stuffing, [an attacker] can access [the customer’s] account once they have their user name and password, and place an order, but they cannot see their personal credit card data.”
Chipotle, which will continue to monitor the situation, recently posted better-than-expected earnings results for the fourth quarter of 2018, reporting sales of $1.23 billion and earnings of $1.72 per share, compared with analysts’ estimates of $1.19 billion and $1.34 per share.
CEO Brian Niccol noted in an earnings conference call that the company saw 6.1 percent comparable restaurant sales growth during the quarter (which included 2 percent restaurant transaction growth), along with restaurant-level margins of 17 percent. “The growth acceleration this quarter gives us confidence that our strategy to win today and create the future is working,” he said.
In addition, Niccol revealed that the company opened the doors of 137 new restaurants in 2018, “with industry-leading returns.” In existing restaurants, the company completed the “big fix,” and is working on growing the reach of its digital system to provide more convenience and better access to diners.