Chipotle has identified malware that it says was used to steal customer payment data over a span of just more than three weeks, and dozens of Illinois locations were among those affected by the breach.

In a news release Friday, the company said customer information was compromised between March 24 and April 18. The malware searched for track data, which can include cardholder names in addition to card numbers, expiration dates and internal verification codes. Chipotle said the malware searched from the information from the magnetic stripe of the payment card.

The malware has since been removed, according to Chipotle, and no other customer information was stolen. The company provided a list of locations that were affected by the breach on its website, though it is unclear how many customers were affected.