Chipotle Data Breach Exposes Employee SSNs & Financial Info

On Dec. 23, 2025, Chipotle Mexican Grill, Inc., in partnership with Workday, disclosed a significant data breach exposing personally identifiable information (PII) of current and former employees. The breach was related to Workday, a cloud-based human resources and finance software provider that Chipotle uses for HR and recruitment.

According to the disclosure, Workday profiles of Chipotle employees were accessed by an unauthorized threat actor October 9 and October 26, 2025. By Nov. 7, 2025, the company determined that sensitive information of certain current and former employees were compromised. Exposed information includes Social Security number, date of birth, account number, and routing number. The exposure of PII puts employees at risk of identity theft and financial fraud.

The company disclosed the data breach to the New Hampshire Attorney General on Dec. 23, 2025, reporting that at least two residents of the state were impacted. However, this investigation is ongoing, and the number of impacted individuals is subject to change. Affected current and former employees have been notified by mail.

Chipotle's response

After identifying the breach, Chipotle took steps to investigate the incident and limit further exposure of personal information. In response to the breach, the company is offering complimentary Kroll Identity Monitoring services to impacted individuals.

If you receive notification from Chipotle about this breach, you may want to:

• Sign up for the free Kroll Identity Monitoring services, offered by Chipotle.
• Monitor your credit reports and financial accounts for any unusual activity.
• Be alert for phishing emails or phone calls that may use your exposed information.
• Consider placing a fraud alert or credit freeze with major credit bureaus.

For affected individuals with questions, Chipotle has set up a call center at 844-574-1154, Monday through Friday, 9 a.m. to 6:30 p.m. ET.