On April 26, 2017, Chipotle Mexican Grill announced that it had detected a breach of the system it uses to process customers’ payment card information.
Last week, a second financial institution filed a proposed class action in Colorado federal court accusing the restaurant chain of failing to maintain adequate security measures.
In the complaint filed by Alcoa Community Federal Credit Union, it was estimated that hundreds of thousands of customers at locations nationwide had their data compromised because of the chain’s negligence. The complaint alleged that Chipotle failed to adequately protect against the damage of a potential hack by failing to implement the chip-based card technology known as EMV technology in its point-of-sale system. Alcoa alleged that the compromised data will cost financial institutions millions of dollars to fix. Because of the breach of security, the complaint alleges that members of the class have incurred and will continue to incur significant costs associated with notifying their customers of issues related to the Chipotle data breach, closing out and opening new customer accounts, reissuing customers’ cards, and/or refunding customers’ losses resulting from the unauthorized use of their accounts.
Alcoa’s proposed class action on behalf of financial institutions marked the second of its kind in less than a month. Earlier this month, Bellwether Community Credit Union filed a proposed nationwide class action.
The case is Alcoa Community Federal Credit Union v. Chipotle Mexican Grill Inc., case number 1:17-cv-01283, in the U.S. District Court for the District of Colorado.