If you’ve eaten at a Chipotle in the last few months, your credit card info could have been stolen. The restaurant chain posted a warning on its site today, telling customers to be on the lookout for credit card fraud.
Chipotle says the hackers used malware designed to access data on point-of-sale devices between March 24, 2017 and April 18, 2017:
The malware searched for track data (which sometimes has cardholder name in addition to card number, expiration date, and internal verification code) read from the magnetic stripe of a payment card as it was being routed through the POS device.
Chipotle insists that not all of its restaurants were breached, but when The Verge reports that it was “most” of them. The Chipotle site also has a tool you can use to determine if the one in your town was effected, though it warns “not all locations were identified, and the specific time frames vary by location.”
Read next: Snap just bought a drone company