I am appalled at the attempt by Chipotle to downplay the scope and scale of the incident. The sentence which reads, " Not all locations were involved, and the specific time frames vary by location", is a blatant attempt to deflate the significance of the problem. This public disclosure should have been more direct, and disclose in plain language the number of stores affected. Chipotle should explain the full impact in plain language: "2,249 out of X,XXX Chipotle restaurants were compromised."
They are international now, right? I at least think I have memory of running across them in Canada.
The file name in question (thanks, heywire) is "us.json". I'm left wondering whether and how much of an international scope there might be to this.
While the version of their web site that I'm receiving by default seems to be geo-centric to the U.S. and doesn't mention foreign locations, Wikipedia has:
Chipotle Mexican Grill, Inc. (/tʃᵻˈpoʊtleɪ/)[6] is an American chain of fast casual restaurants in the United States, United Kingdom,[7] Canada,[8][9] Germany,[10] and France