May 27 (UPI) -- Chipotle Mexican Grill, still reeling from a 2016 foodborne illness outbreak that shook the eatery, announced Friday hackers used malware to steal customer information from many of its more than 2,000 locations.
The company said the malware was used to gain access to point of sale terminals in 47 states and Washington, D.C. from March 24 to April 18. The malware searched for data that included credit card numbers, expiration dates and verification codes that is read from the magnetic strip, but "there is no indication that other customer information was affected."
Chipotle said its affiliate company Pizzeria Locale was also hit by the malware breach. The company listed seven locations, in Ohio, Missouri, Kansas and Colorado, that may have been hit with the breach.
Chipotle first announced the breaches in April, but recently found it was much wider than initially stated. Chipotle urged credit card customers to closely review their payment statements and report unauthorized activity to their credit card companies.
"During the investigation we removed the malware, and we continue to work with cyber security firms to evaluate ways to enhance our security measures. In addition, we continue to support law enforcement's investigation and are working with the payment card networks so that the banks that issue payment cards can be made aware and initiate heightened monitoring," the company said.
In 2016, the company took a big hit after outbreaks of norovirus and E. coli at several of its restaurants nationwide. Some 55 people in 11 states reported getting sick.