COLUMBIA, MD — Malware was used to steal customer payment data over a three-week period this spring from Chipotle restaurants across the country, and Columbia locations were among those affected.

Customer information was compromised from transactions that occurred between March 24 and April 18, the company said in a news release. The malware used the magnetic stripe of payment cards to access information like cardholder name, card number, expiration date and internal verification code, according to a statement from Chipotle.

"It is always advisable to remain vigilant to the possibility of fraud by reviewing your payment card statements for any unauthorized activity," Chipotle said in a statement. "You should immediately report any unauthorized charges to your card issuer because payment card rules generally provide that cardholders are not responsible for unauthorized charges reported in a timely manner." Phone numbers for credit companies are usually on the back of the cards. Chipotle said that the malware has since been removed, and no other customer information was stolen. The company provided a list of locations that were affected by the breach on its website.

In Columbia, the restaurants at 6181 Old Dobbin Lane (transactions from March 25 to April 18) and at the Mall in Columbia (March 26 to April 18) were among those where the malware had been found. See all Maryland locations affected by the data breach. — By Patch editors Mike Carraggi and Elizabeth Janney