Burrito slinger Chipotle says that "most" of its US restaurants were affected by a card data-stealing POS malware attack earlier this year.
The data breach, which was first reported last month, saw malware make its way onto POS devices in almost all US states between 24 March and 18 April. The Mexican grill has put up a list of affected locations here.
The malware searched for track data - including cardholder names as well as card numbers, expiration dates and internal verification codes - read from the magnetic stripes of cards as they were being routed through the POS devices.
Chipotle says it has removed the malware and has been working with cyber security firms, law enforcement and the card networks to investigate the breach. Customers are being advised to keep an eye on their card statements for unauthorised activity.