Home
>
Data Breach>Chipotle Mexican Grill

Data breach at Chipotle Mexican Grill exposes employees' Social Security Numbers

Published
December 24, 2025
Updated
December 29, 2025
Data breach at Chipotle Mexican Grill exposes employees' Social Security Numbers
Chipotle Mexican Grill

Affected by the

Chipotle Mexican Grill

data breach?

Join the Lawsuit

On Dec. 23, 2025, Chipotle Mexican Grill, Inc., disclosed a significant data breach exposing personally identifiable information (PII) of current and former employees. So far, the data breach has impacted at least 31 individuals in Maine and two in New Hampshire. However, this in an ongoing investigation and the number of impacted individuals is subject to change.

According to the disclosure, Workday profiles of Chipotle employees were accessed by an unauthorized threat actor October 9 and October 26, 2025. By Nov. 7, 2025, the company determined that sensitive information of certain current and former employees were compromised. Exposed information includes Social Security number, date of birth, account number, and routing number. The exposure of PII puts employees at risk of identity theft and financial fraud.

The breach follows a pattern that's been seen across various companies of individuals having used phishing, social engineering, and other methods to obtain access to Workday payroll accounts of employees to divert direct deposit payments. As such, this breach was not a compromise of Workday's systems but rather it is specific to Chipotle's instance only.

Beginning on Dec. 23, 2025, the company disclosed the data breach to the Attorney Generals' offices in New Hampshire, Massachusetts and Vermont. Impacted individuals have been notified by mail.

Chipotle's response

After identifying the breach, Chipotle took steps to investigate the incident and limit further exposure of personal information. In response to the breach, the company is offering complimentary Kroll Identity Monitoring services to impacted individuals.

If you receive notification from Chipotle about this breach, you may want to:

  • Sign up for the free Kroll Identity Monitoring services, offered by Chipotle.
  • Monitor your credit reports and financial accounts for any unusual activity.
  • Be alert for phishing emails or phone calls that may use your exposed information.
  • Consider placing a fraud alert or credit freeze with major credit bureaus.

For affected individuals with questions, Chipotle has set up a call center at 844-574-1154, Monday through Friday, 9 a.m. to 6:30 p.m. ET.

Types of INFORMATION affected
  • Names
    Names
  • Social security numbers
    Social Security Numbers
  • Dates of birth
    Dates of Birth
  • Addresses
    Addresses
  • Government IDs
    Government IDs
  • Medical Information
    Medical Info
  • Financial Info
    Financial Info
  • Affected information types not yet disclosed

Notice Letter

This browser does not support inline PDFs. Please download the PDF to view it: Download PDF

Sources

Disclosures

Breach Summary

Affected Entity
Chipotle Mexican Grill
Consumers Notification date
Date of Breach
Breach Discovered Date
Total People Affected
Information Types Exposed

Data Breach Settlements

Pediatric Home Service Data Breach Class Action Settlement
Panda Express $2.45M Data Breach Class Action Settlement
Saratoga Harness Racing Data Breach Class Action Settlement
McLaren Health Care $14M Data Breach Class Action Settlement
HopSkipDrive $1.99M Data Breach Class Action Settlement
CTA Image
CTA Image
CTA Image
CTA Image
CTA Image
CTA Image
CTA Image
CTA Image
CTA Image

What to Read Next

Howard Brown Health Data Breach Affects 8,357 People
February 6, 2026
Howard Brown Health Data Breach Affects 8,357 People
MTI America Data Breach Exposes Social Security Numbers
February 6, 2026
MTI America Data Breach Exposes Social Security Numbers
Merkle Inc. Data Breach Exposes Social Security Numbers
February 6, 2026
Merkle Inc. Data Breach Exposes Social Security Numbers
Sun Communities Data Breach Exposes SSNs, Addresses, & More
February 6, 2026
Sun Communities Data Breach Exposes SSNs, Addresses, & More