**Chipotle and Workday Disclose Data Breach Affecting Employee PII**
On December 23, 2025, Chipotle Mexican Grill and its HR software provider, Workday, announced a data breach exposing the personally identifiable information (PII) of current and former employees. The incident stemmed from unauthorized access to Workday profiles used by Chipotle for human resources and recruitment.
The breach occurred on October 9 and October 26, 2025, with Chipotle confirming the compromise of sensitive data—including Social Security numbers, dates of birth, and bank account details—by November 7, 2025. The exposed information heightens risks of identity theft and financial fraud for affected individuals.
Chipotle reported the breach to the New Hampshire Attorney General’s office, noting that at least two state residents were impacted, though the full scope remains under investigation. Affected employees have been notified by mail.
In response, Chipotle launched an internal investigation and is offering complimentary Kroll Identity Monitoring services to those impacted. The company has also established a dedicated call center for inquiries. The incident underscores ongoing vulnerabilities in third-party HR and cloud-based systems.
Source: https://www.claimdepot.com/data-breach/chipotle-mexican-grill-2025
Workday cybersecurity rating report: https://www.rankiteo.com/company/workday
Chipotle Mexican Grill cybersecurity rating report: https://www.rankiteo.com/company/chipotle-mexican-grill
"id": "WORCHI1766599526",
"linkid": "workday, chipotle-mexican-grill",
"type": "Vulnerability",
"date": "12/2025",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"{'affected_entities': [{'customers_affected': 'Current and former employees',
'industry': 'Restaurant/Food Service',
'location': 'United States',
'name': 'Chipotle Mexican Grill, Inc.',
'type': 'Company'}],
'attack_vector': 'Unauthorized access to Workday profiles',
'customer_advisories': 'Call center at 844-574-1154, Monday through Friday, 9 '
'a.m. to 6:30 p.m. ET',
'data_breach': {'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Social Security number',
'Date of birth',
'Account number',
'Routing number']},
'date_detected': '2025-11-07',
'date_publicly_disclosed': '2025-12-23',
'description': 'Chipotle Mexican Grill, Inc. disclosed a significant data '
'breach exposing personally identifiable information (PII) of '
'current and former employees due to unauthorized access to '
'Workday profiles.',
'impact': {'data_compromised': 'Personally identifiable information (PII)',
'identity_theft_risk': 'High',
'payment_information_risk': 'High',
'systems_affected': 'Workday HR and finance software'},
'investigation_status': 'Ongoing',
'recommendations': ['Sign up for free Kroll Identity Monitoring services',
'Monitor credit reports and financial accounts for '
'unusual activity',
'Be alert for phishing emails or phone calls',
'Consider placing a fraud alert or credit freeze with '
'major credit bureaus'],
'references': [{'source': 'Chipotle Disclosure'}],
'regulatory_compliance': {'regulatory_notifications': 'New Hampshire Attorney '
'General'},
'response': {'communication_strategy': 'Notification by mail, call center '
'setup',
'third_party_assistance': 'Kroll Identity Monitoring services'},
'title': 'Chipotle Mexican Grill Data Breach via Workday',
'type': 'Data Breach'}