Top Class Actions’s website and social media posts use affiliate links. If you make a purchase using such links, we may receive a commission, but it will not result in any additional charges to you. Please review our Affiliate Link Disclosure for more information.
Chipotle Mexican Grill Inc. is facing a class action lawsuit accusing it of failing to safeguard its customers’ payment card information, leading to the compromise of this data in a data breach earlier this year.
Around March 24, 2017, Chipotle’s point-of-sale systems were reportedly targeted by hackers who used malicious software to steal customers’ private information, according to the data breach class action lawsuit.
The malware was reportedly installed in a majority of Chipotle restaurant locations through April 18. Chipotle confirmed the data breach on April 25, according to the Chipotle class action lawsuit.
“Defendant’s security protocols were so deficient that the Data Breach continued for over three weeks while Defendant failed to even detect it—this despite widespread knowledge of the malicious software (or malware) used to perpetrate the Data Breach, which, upon information and belief, was similar to the malware used to perpetrate the earlier, notorious, and widely reported data breaches affecting retailers Target and Home Depot,” plaintiff Kristin Baker alleges in the Chipotle class action lawsuit.
Although Chipotle has indicated that it does not know the total number of customers affected by the data breach, Baker estimates the number of potential Class Members could be in the tens of millions.
Baker argues that Chipotle could have prevented the data breach, especially because the malware used to target point-of-sale systems was similar to the malware used in the Home Depot and Target data breaches. According to the Chipotle data breach class action lawsuit, the Mexican food chain failed to adopt technology that makes transactions more secure.
According to the data breach class action lawsuit, Chipotle’s failure to “take reasonable measures to ensure its data systems were protected” and its failure to take steps to prevent the data breach from happening made customers’ information vulnerable to hackers.
Baker says she would not have made a purchase at a Chipotle restaurant, or would not have paid as much for her purchase, if she had known the restaurant chain failed to take precautions necessary to safeguard her personal and financial data.
The Chipotle data breach class action lawsuit alleges the restaurant chain failed to keep customers’ personal identification information, such as cardholders’ names and mailing addresses, separate from their payment card data, contrary to the Payment Card Industry Data Security Standard (PCI DSS). The PCI DSS is designed to ensure companies protect cardholder data.
Personal identification information and payment card information is extremely valuable to hackers because it can be sold on the black market. The information can be purchased and used by criminals to perpetrate fraud, identity theft, or other crimes that harm victims. Baker asserts that these effects can be quite damaging, and harm a person’s credit score, job prospects and ability to obtain government benefits. Some criminal activity related to a data breach may not come to light for years.
“Plaintiff and Class members now face years of constant surveillance of their financial and personal records, monitoring, and loss of rights,” Baker says in the Chipotle class action lawsuit.
The Chipotle data breach class action lawsuit asserts violations of the California Customer Records Act, breach of implied contract and violation of the California Unfair Competition Law. Baker seeks injunctive relief, restitution, disgorgement of revenues, actual damages, compensatory damages, statutory damages, attorneys’ fees and costs, and other relief the court deems proper.
Baker is represented by Tina Wolfson of Ahdoot & Wolfson PC and Cornelius P. Dukelow of Abington Cole + Ellery.
The Chipotle Data Breach Class Action Lawsuit is Kristin Baker v. Chipotle Mexican Grill Inc., Case No. 5:17-cv-01134, in the U.S. District Court for the Central District of California.
UPDATE: The Chipotle Data Breach Class Action Lawsuit was voluntarily dismissed on July 5, 2017. Top Class Actions will let our viewers know if an amended complaint is filed.
ATTORNEY ADVERTISING
Top Class Actions is a Proud Member of the American Bar Association
LEGAL INFORMATION IS NOT LEGAL ADVICE
Top Class Actions Legal Statement
©2008 – 2024 Top Class Actions® LLC
Various Trademarks held by their respective owners
This website is not intended for viewing or usage by European Union citizens.
74 thoughts onChipotle Class Action Alleges Failure to Safeguard Customer Info
My account was also hacked, I live in Ohio, but someone in Nw York accessed my chipotle account and charged food to be delivered. I had to close my bank debit card and get a new one issued. This took about a week, I spoke to Chipotle district manager, they sent me 4 free burrito vouchers, but I expressed the problems with their website, not allowing you to option to pay cash when making pickup or being about use your card one time and delete it. Their website now allows you to use a card once and delete it.
Add me please, my card was used and I live in California and it happened in Maryland and I had to be reissued a new card
I’ve had my debit card replaced atleast 5 times within the past year. Chipotle was one of the places, as well as, WalMart, and Go Mart. Please add me to the list.
The case is still moving through the courts and has not yet reached a settlement. Claim forms are usually not made available to consumers until after a court approved settlement is reached. We recommend you sign up for a free account at TopClassActions.com and follow the case. We will update the article with any major case developments or settlement news! Setting up a free account with Top Class Actions will allow you to receive instant updates on ANY article that you ‘Follow’ on our website. A link to creating an account may be found here: https://topclassactions.com/signup/. You can then ‘Follow’ the article above, and get notified immediately when we post updates!