© Photographer: Brian Schulman / Chipotle

The news comes at the same time as some much need positive news for the Chipotle.

April 26, 2017

Overall, Tuesday was a good day for Chipotle. But it probably could have been better. During its quarterly earnings call, the burrito chain that’s been beleaguered since 2015 by a run of food safety issues was finally able to tout some pretty uplifting numbers. After five quarters of same-store sales declines, same-store sales grew almost 18 percent to kick off 2017. Revenues were also up over 28 percent in the first quarter. But anyone looking to temper their enthusiasm could latch onto this bit of bad news: Chipotle also announced it’s joined the growing list of major brands that have had their payment system hacked.

“Finally, we want to make our customers and investors aware that we recently detected unauthorized activity on a network that supports payment processing for purchases made in our restaurants,” Jack Hartung, Chipotle’s CFO, said near the conclusion of his otherwise positive portion of the call. “We immediately began an investigation with the help of leading cyber security firms, law enforcement and our payment processor. We believe actions we have taken have stopped the unauthorized activity and we have implemented additional security enhancements.”

Though Hartung specified that the investigation of the breach focuses on transitions that occurred between March 24 and April 18 of this year, he said that since “our investigation is continuing,” he couldn’t release any additional details at this time, including during the call’s question and answer session. He did, however, hint that their might be another shoe to drop. “We anticipate notifying any affected customers as we get further clarity about the specific timeframes and the restaurant locations that might have been affected,” he stated, wrapping up his discussion of the matter.

Even in its early stages, this investigation is a damper on Chipotle’s good news, but while it might spook investors in the short term, customers typically don’t have to eat unauthorized credit card charges—literally or figuratively—so a hack is probably far less concerning than E. coli. And for now all that seems to be behind Chipotle.