Class Action Lawsuits Filed over Chipotle Breach

June 14, 2017, Written By Lynn Oldshue

Two class action lawsuits have been filed against Chipotle over its recent data breach—one in California and one in Colorado.

According to the California complaint, the restaurant chain’s “security protocols were so deficient that the Data Breach continued for over three weeks while Defendant failed to even detect it.” The company has admitted the breach affected customers who dined at Chipotle between March 24 and April 8, and impacted most of their 2,250 restaurants.

The lawsuit further asserts that the breach “could have been prevented,” as it was similar to breaches at Target and Home Depot. In all of these breaches, cybercriminals were able to install malware on the payment card systems, which allowed them to steal payment card details, such as the cardholder’s name, card number and CVV code. Following these breaches, the suit claims other companies took measures to “make transactions more secure,” but Chipotle “did not.”

In the Colorado lawsuit, the plaintiff, Todd Gordon, is alleging the payment card information he used at Chipotle was stolen and used fraudulently. Since these alleged fraudulent charges exceeded Gordon’s credit limit, he asserts that “through no fault of Plaintiff’s own, American Express made a report to the credit bureaus, thereby negatively affecting Plaintiff’s credit score and information.”

While Chipotle has not released an estimate about how many customers were affected, the California suit alleges “tens of millions” of customers could have been affected.



The information contained within this article was accurate as of June 14, 2017. For up-to-date
information on any of the terms, cards or offers mentioned above, visit the issuer's website.


About Lynn Oldshue

Lynn Oldshue has written personal finance stories for LowCards.com for twelve years. She majored in public relations at Mississippi State University.
View all posts by Lynn Oldshue