Top Class Actions’s website and social media posts use affiliate links. If you make a purchase using such links, we may receive a commission, but it will not result in any additional charges to you. Please review our Affiliate Link Disclosure for more information.
Chipotle Mexican Grill Inc. is facing a class action lawsuit accusing it of failing to safeguard its customers’ payment card information, leading to the compromise of this data in a data breach earlier this year.
Around March 24, 2017, Chipotle’s point-of-sale systems were reportedly targeted by hackers who used malicious software to steal customers’ private information, according to the data breach class action lawsuit.
The malware was reportedly installed in a majority of Chipotle restaurant locations through April 18. Chipotle confirmed the data breach on April 25, according to the Chipotle class action lawsuit.
“Defendant’s security protocols were so deficient that the Data Breach continued for over three weeks while Defendant failed to even detect it—this despite widespread knowledge of the malicious software (or malware) used to perpetrate the Data Breach, which, upon information and belief, was similar to the malware used to perpetrate the earlier, notorious, and widely reported data breaches affecting retailers Target and Home Depot,” plaintiff Kristin Baker alleges in the Chipotle class action lawsuit.
Although Chipotle has indicated that it does not know the total number of customers affected by the data breach, Baker estimates the number of potential Class Members could be in the tens of millions.
Baker argues that Chipotle could have prevented the data breach, especially because the malware used to target point-of-sale systems was similar to the malware used in the Home Depot and Target data breaches. According to the Chipotle data breach class action lawsuit, the Mexican food chain failed to adopt technology that makes transactions more secure.
According to the data breach class action lawsuit, Chipotle’s failure to “take reasonable measures to ensure its data systems were protected” and its failure to take steps to prevent the data breach from happening made customers’ information vulnerable to hackers.
Baker says she would not have made a purchase at a Chipotle restaurant, or would not have paid as much for her purchase, if she had known the restaurant chain failed to take precautions necessary to safeguard her personal and financial data.
The Chipotle data breach class action lawsuit alleges the restaurant chain failed to keep customers’ personal identification information, such as cardholders’ names and mailing addresses, separate from their payment card data, contrary to the Payment Card Industry Data Security Standard (PCI DSS). The PCI DSS is designed to ensure companies protect cardholder data.
Personal identification information and payment card information is extremely valuable to hackers because it can be sold on the black market. The information can be purchased and used by criminals to perpetrate fraud, identity theft, or other crimes that harm victims. Baker asserts that these effects can be quite damaging, and harm a person’s credit score, job prospects and ability to obtain government benefits. Some criminal activity related to a data breach may not come to light for years.
“Plaintiff and Class members now face years of constant surveillance of their financial and personal records, monitoring, and loss of rights,” Baker says in the Chipotle class action lawsuit.
The Chipotle data breach class action lawsuit asserts violations of the California Customer Records Act, breach of implied contract and violation of the California Unfair Competition Law. Baker seeks injunctive relief, restitution, disgorgement of revenues, actual damages, compensatory damages, statutory damages, attorneys’ fees and costs, and other relief the court deems proper.
Baker is represented by Tina Wolfson of Ahdoot & Wolfson PC and Cornelius P. Dukelow of Abington Cole + Ellery.
The Chipotle Data Breach Class Action Lawsuit is Kristin Baker v. Chipotle Mexican Grill Inc., Case No. 5:17-cv-01134, in the U.S. District Court for the Central District of California.
UPDATE: The Chipotle Data Breach Class Action Lawsuit was voluntarily dismissed on July 5, 2017. Top Class Actions will let our viewers know if an amended complaint is filed.
ATTORNEY ADVERTISING
Top Class Actions is a Proud Member of the American Bar Association
LEGAL INFORMATION IS NOT LEGAL ADVICE
Top Class Actions Legal Statement
©2008 – 2024 Top Class Actions® LLC
Various Trademarks held by their respective owners
This website is not intended for viewing or usage by European Union citizens.
74 thoughts onChipotle Class Action Alleges Failure to Safeguard Customer Info
My debit and credit card was compromised when I used them at Chipotle. Both cards were replaced by my bank and credit card company. Please add me to lawsuit.
I had to be sent a new debit card after using it there. My bank contacted me about hotel purchases in Texas.
I used my card there several times. I had to close my card.
Add me , just had my debit card replaced because of this and having to update my financial life is a pain
There was an issue with my credit card, my banking institution called me and ask if I purchased items in Florida, I told them no I did not since I reside in MD, they cancel my card and sent me a new one. I would like to join this class action lawsuit. Thank you!
I agree, my credit union suddenly canceled my debit card,and sent me a replacement in may right after the data breach w/chipotle.I hadnt even known about it till after my card was sent out.regarding Home depots data breach last year-they offered me 2 yrs of free credit monitoring from that settlement.
I used my card there several times
add me
My credit card started getting charges on it 5 states away. I couldn’t figure out how someone could have gotten my information. Then I saw this about Chipotle’s. I had used my card there getting my granddaughter a burrito. This really is unsettling. Now I try to carry more cash so I don’t have to use my card as much. I thought it was safer to use a card. Guess I was wrong.
I also use my card tgere and 3 weeks ago got a call from bank said my card had some fraudulet issues on i and had to get another card and send in a dispressment on ths charges