Gordon, et al. v. Chipotle Mexican Grill, Inc., No. 1:17-cv-01415-CMA-SKC (D. Colo.)
Chimicles Schwartz Kriner & Donaldson-Smith LLP (“CSK&D”) filed this class action lawsuit against Chipotle Mexican Grill Inc. (“Chipotle”) following Chipotle’s announcement in early 2017 that it detected a security breach in its payment card environment. Following the completion of its breach investigation, Chipotle “identified the operation of malware designed to access payment card data from cards used on point-of-sale (POS) devices at certain Chipotle and Pizzeria Locale restaurants between March 24, 2017 and April 18, 2017. The malware searched for track data (which sometimes has cardholder name in addition to card number, expiration date, and internal verification code) read from the magnetic stripe of a payment card as it was being routed through the POS device.”
Plaintiffs largely prevailed over multiple attempts by Chipotle to have the case dismissed. After filing an Amended Complaint in October 2018, Chipotle filed an Answer.