Chipotle Mexican Grill, Inc.: Data breach at Chipotle Mexican Grill exposes employees' Social Security Numbers

Chipotle Discloses Data Breach Impacting Employee PII

On December 23, 2025, Chipotle Mexican Grill reported a data breach exposing the personally identifiable information (PII) of current and former employees. The incident, currently under investigation, has affected at least 31 individuals in Maine and two in New Hampshire, though the total number of impacted employees may rise.

The breach occurred between October 9 and October 26, 2025, when an unauthorized threat actor accessed Chipotle’s Workday employee profiles. By November 7, the company confirmed that sensitive data—including Social Security numbers, dates of birth, bank account numbers, and routing numbers—had been compromised. The exposed information heightens risks of identity theft and financial fraud.

Unlike a broader Workday system compromise, this breach targeted Chipotle’s specific instance, likely through phishing or social engineering tactics. Similar attacks have been observed across other companies, where threat actors hijack payroll accounts to redirect direct deposit payments.

Chipotle notified the offices of the Attorneys General of New Hampshire, Massachusetts, and Vermont on December 23 and began mailing notifications to affected individuals. The company has also engaged Kroll to provide complimentary identity monitoring services for those impacted. A dedicated call center (844-574-1154) was established for inquiries.

Source: https://www.claimdepot.com/data-breach/chipotle-mexican-grill-2025

Chipotle Mexican Grill cybersecurity rating report: https://www.rankiteo.com/company/chipotle-mexican-grill

{
  "id": "CHI1767917888",
  "linkid": "chipotle-mexican-grill",
  "type": "Breach",
  "date": "12/2025",
  "severity": "60",
  "impact": "3",
  "explanation": "Attack with significant impact with internal employee data leaks"
}
{'affected_entities': [{'customers_affected': '33+ (31 in Maine, 2 in New '
                                              'Hampshire)',
                        'industry': 'Restaurant/Food Service',
                        'location': 'United States',
                        'name': 'Chipotle Mexican Grill, Inc.',
                        'type': 'Corporation'}],
 'attack_vector': 'Phishing, Social Engineering',
 'customer_advisories': 'Call center established at 844-574-1154 (Mon-Fri, 9 '
                        'a.m. to 6:30 p.m. ET)',
 'data_breach': {'number_of_records_exposed': '33+ (ongoing investigation)',
                 'personally_identifiable_information': ['Social Security '
                                                         'Number',
                                                         'Date of Birth',
                                                         'Account Number',
                                                         'Routing Number'],
                 'sensitivity_of_data': 'High (SSN, DOB, account/routing '
                                        'numbers)',
                 'type_of_data_compromised': 'Personally Identifiable '
                                             'Information (PII)'},
 'date_detected': '2025-11-07',
 'date_publicly_disclosed': '2025-12-23',
 'description': 'Chipotle Mexican Grill, Inc. disclosed a significant data '
                'breach exposing personally identifiable information (PII) of '
                'current and former employees. The breach impacted at least 31 '
                'individuals in Maine and two in New Hampshire, with the '
                'investigation ongoing. Unauthorized access to Workday '
                'profiles occurred on October 9 and October 26, 2025, leading '
                'to the compromise of sensitive employee data.',
 'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
                                       'employee data exposure',
            'data_compromised': 'Personally Identifiable Information (PII)',
            'identity_theft_risk': 'High (exposure of SSN, DOB, '
                                   'account/routing numbers)',
            'payment_information_risk': 'High (exposure of account/routing '
                                        'numbers)',
            'systems_affected': "Workday payroll accounts (Chipotle's "
                                'instance)'},
 'initial_access_broker': {'entry_point': 'Workday payroll accounts '
                                          '(phishing/social engineering)',
                           'high_value_targets': 'Employee payroll data'},
 'investigation_status': 'Ongoing',
 'motivation': 'Financial gain (potential direct deposit diversion)',
 'post_incident_analysis': {'root_causes': 'Unauthorized access via '
                                           'phishing/social engineering to '
                                           'Workday accounts'},
 'recommendations': ['Sign up for free Kroll Identity Monitoring services',
                     'Monitor credit reports and financial accounts for '
                     'unusual activity',
                     'Be alert for phishing emails or calls using exposed '
                     'information',
                     'Consider placing a fraud alert or credit freeze with '
                     'major credit bureaus'],
 'references': [{'source': 'Chipotle Data Breach Disclosure'}],
 'regulatory_compliance': {'regulatory_notifications': ['Disclosure to '
                                                        "Attorney Generals' "
                                                        'offices in NH, MA, '
                                                        'VT']},
 'response': {'communication_strategy': "Disclosure to Attorney Generals' "
                                        'offices (NH, MA, VT), notification to '
                                        'impacted individuals via mail',
              'containment_measures': 'Investigation initiated, steps taken to '
                                      'limit further exposure',
              'remediation_measures': 'Offering complimentary identity '
                                      'monitoring to impacted individuals',
              'third_party_assistance': 'Kroll Identity Monitoring services'},
 'title': 'Chipotle Mexican Grill Data Breach - Workday Profiles Compromised',
 'type': 'Data Breach',
 'vulnerability_exploited': 'Unauthorized access to Workday payroll accounts'}