Chipotle has released further information about the breach to its POS system that ran from March 24 to April 18 and affected customers in more than 2,000 restaurants.

The announcement includes the fact that stolen data included card numbers, expiration dates, and internal verification codes.

Chipotle has instructed users to got to the website and enter there state to see if any of the restaurants in that location were affected and to be vigilant about their security.

“For a company that has already been suffering from “brand damage” from other areas of its business, security concerns are clearly an unwanted situation for the organization and its customers,” Dana Simberkoff, chief compliance and risk officer at AvePoint said. “While I don't have an estimate on the potential costs to the brand, it's likely that Chipotle will be subject to probing questions from investigating state and federal agencies on why they have not moved more rapidly to update their systems in order to protect their customers' payment data.”

Although the company is providing credit monitoring services, it is still up to the customer to see if they were affected.

“Customers may add this as another reason to be leery of buying anything from their stores, and word-of-mouth about these concerns could create a longer term impact to revenue,” Wenzler said. “The direct costs of this breach may also be difficult to calculate, as Chipotle does not maintain customer contact information or any other databases that would allow them to identify exactly who and how many people have been affected.”

Source: SCMagazine