Data leak
Chipotle Mexican Grill POS Malware Breach: Payment Card Skimming at Majority of Restaurants
Incident Details
Between 24 March and 18 April 2017, attackers installed malware on point-of-sale systems at most Chipotle Mexican Grill restaurant locations in the United States. The malware scraped payment card track data from device memory (RAM scraping) during the processing of transactions. Chipotle disclosed the breach on 26 May 2017. The affected window covered approximately 2,250 restaurant locations (the majority of Chipotle’s US locations).
Compromised data included cardholder names, card numbers, expiration dates, and internal verification codes from the magnetic stripe. Chip-and-PIN (EMV) transactions were not affected; only customers who swiped magnetic stripe cards were impacted.
The breach was discovered when banks reported patterns of fraudulent card use consistent with cards recently used at Chipotle locations. Chipotle provided a lookup tool for customers to find potentially affected locations. Chipotle stated the attackers had access to some systems in limited portions of July, August, September, and October 2016 as well.
The attack followed a similar pattern to POS malware attacks on Target (2013), Home Depot (2014), and other major retailers. Chipotle worked with law enforcement and cybersecurity firms to investigate and remediate. The breach highlighted ongoing vulnerabilities in magnetic stripe payment infrastructure and the need for EMV chip payment adoption, which was still incomplete across US retail at the time.
Technical Details
- Initial Attack Vector: Attackers installed point-of-sale (POS) malware on payment systems at the majority of Chipotle restaurant locations; the malware read magnetic stripe track data from RAM (RAM scraping) during the transaction window
- Vendor / Product: Chipotle point-of-sale systems
- Malware Family: POS RAM scraping malware
Timeline
- 2017-03-24 Breach occurred
- 2017-05-26 Publicly disclosed
- 2017-05-26 Customers notified