Class Action Lawsuits Filed over Chipotle Breach
Two class action lawsuits have been filed against Chipotle over its recent data breach—one in California and one in Colorado.
According to the California complaint, the restaurant chain’s “security protocols were so deficient that the Data Breach continued for over three weeks while Defendant failed to even detect it.” The company has admitted the breach affected customers who dined at Chipotle between March 24 and April 8, and impacted most of their 2,250 restaurants.
The lawsuit further asserts that the breach “could have been prevented,” as it was similar to breaches at Target and Home Depot. In all of these breaches, cybercriminals were able to install malware on the payment card systems, which allowed them to steal payment card details, such as the cardholder’s name, card number and CVV code. Following these breaches, the suit claims other companies took measures to “make transactions more secure,” but Chipotle “did not.”
In the Colorado lawsuit, the plaintiff, Todd Gordon, is alleging the payment card information he used at Chipotle was stolen and used fraudulently. Since these alleged fraudulent charges exceeded Gordon’s credit limit, he asserts that “through no fault of Plaintiff’s own, American Express made a report to the credit bureaus, thereby negatively affecting Plaintiff’s credit score and information.”
While Chipotle has not released an estimate about how many customers were affected, the California suit alleges “tens of millions” of customers could have been affected.