In an announcement over the weekend, Chipotle Mexican Grill said it has identified the malware that siphoned users’ payment card data from point-of-sale (POS) devices at Chipotle restaurants in a breach earlier this year.

It was in late April when restaurant franchise Chipotle revealed it had suffered a security breach affecting its POS systems. Details were scarce when the data breach was first revealed on April 25, 2017. Details from a new update by the restaurant operator revealed the malware was operating from March 24 to April 18 by searching for data from a bank card’s magnetic stripe.

This stripe often contains the cardholder’s name, in addition to other details like the credit card number, expiration date, and international verification code. Chipotle says there is ‘no indication that other customer information was affected’. However, the stolen card information is enough to jeopardize bank accounts associated ot the card.

Chipotle says it has removed the malware following an investigation and is asking users to ‘remain vigilant to the possibility of fraud by reviewing your payment card statements for any unauthorized activity”.

“During the investigation we removed the malware, and we continue to work with cyber security firms to evaluate ways to enhance security measures,” Chipotle said. “In addition, we continue to support law enforcement’s investigation and are working with the payment card networks so that the banks that issue payment cards can be made aware and initiate heightened monitoring.”

Chipotle has pointed users toward a ‘locator tool’ to check for affected restaurants “identified during the investigation’ on its website. Pointedly, it states that “not all locations were identified, and the specific time frames vary by location.”

However, a deep dive by The Verge looking into the tool revealed that ‘every state Chipotle operates in had restaurants that were breached, including most major cities.’

Pointedly, Chipotle did not reveal the exact number of restaurants affected, while adding that “most” of its locations around the United States may have been compromised.

Image credit: Flickr.