Chipotle Payment Card Data Breach: Financial Institutions File Leapfrog Suit
2 Minute Read
Categories: Class Action, Privacy & Cybersecurity
On May 26, 2017, Alcoa Community Federal Credit Union (“Alcoa”), on behalf of itself, credit unions, banks and other financial institutions, filed a nationwide class action against Chipotle Mexican Grill, Inc. (“Chipotle”). The case arises from a breach of customer payment card data. The putative class consists of all such financial institutions that issued payment cards, or were involved with card-issuing services, for customers who made purchases at Chipotle from March 1, 2017, to the present. Plaintiffs allege a number of “inadequate data security measures,” including Chipotle’s decision not to implement EMV technology.
Alcoa asserts claims for negligence and negligence per se. Both claims rest on, among other bases, a purported violation of Section 5 of the FTC Act. Alcoa also requests declaratory and injunctive relief. The alleged damages include the costs of providing replacement cards, costs for consumer fraud monitoring, reimbursement of fraudulent charges, and costs due to lost interest and transaction fees due to reduced card usage.
Very few financial institution cases have been filed in the wake of consumer data breaches. However, such cases have been increasing due to a number of payment card data breaches in fairly rapid succession, including many massive breaches. These circumstances can create added costs for financial institutions that may not be fully recoverable through their direct relationships with the card brands. Additionally, because the financial institutions typically do not have contractual relationships with the breached merchants, some have chosen to leapfrog the various recovery processes established by the card brands by alleging non-contractual common law tort claims such as negligence and negligence per se.
You May Also Be Interested In
2 Minute Read
April 6, 2026
On April 1, 2026, the U.S. Court of Appeals for the Seventh Circuit held that the 2024 amendment to Illinois’ Biometric Information Privacy Act, limiting damages, applies retroactively to pending cases.
3 Minute Read
March 16, 2026
The results are in: attorneys are filing more employment law cases in court. Indeed, year-end reporting from legal databases like LexMachina confirm that the pace of filing new employment discrimination cases reached its highest level in 2025, surpassing 20,000 new filings nationwide. Though overtime and minimum wage lawsuits under the Fair Labor Standards Act (FLSA) have continued to decline since 2015, discrimination cases under laws like Title VII of the Civil Rights Act of 1964 and the Americans with Disabilities Act are on the rise.
1 Minute Read
February 20, 2026
A recent federal court decision determined that documents created by a criminal defendant using AI and subsequently shared with legal counsel were not shielded by attorney-client privilege or the work product doctrine. In USA v. Heppner, Judge Jed S. Rakoff of the U.S. District Court for the Southern District of New York compelled the disclosure of 31 documents created with Anthropic’s Claude. This order was issued despite the defendant including information from counsel in the AI tool’s input and later providing the resulting outputs to his attorneys. The ruling offers early judicial perspective on privilege concerns involving AI-generated materials, an area where case law remains sparse.
1 Minute Read
February 18, 2026
A recent federal court ruling held that AI-generated documents prepared by a defendant and later shared with legal counsel were not protected by attorney-client privilege or the work product doctrine.
Search
Recent Posts
Categories
- Advertising & Marketing
- Bankruptcy
- Class Action
- Competition/Antitrust
- Consumer Protection
- Corporate Governance
- Environmental
- General
- Health Care
- Insurance
- IP
- Labor and Employment
- Mergers & Acquisitions
- News & Events
- Patent Infringement
- Patents
- Privacy & Cybersecurity
- Product Liability
- Real Estate
- Regulatory
- Technology & E-Commerce
Tags
- 29 C.F.R. § 785.48
- 396-r
- 3D Printer
- 3D Printing
- A. Todd Brown
- A.S. Research (ASR)
- Aaron P. Simpson
- Accountability
- Administrative Agencies
- Administrative Exemption
- Advertisers
- Advertising
- Advertising Claims
- Advertising Guidelines
- Advertising Idea
- Agency Guidance
- Agency Principles
- AI
- AI Interviewing Platforms
- AI Technology Reviews
- AIA
- Air
- Algorithmic Accountability Act
- Align
- Americans with Disabilities Act
- Americans with Disabilities Act (ADA)
- Andrea DeField
- Ann Marie Buerkle
- Annual Reports
- anti-aging
- Anti-Discrimination
- APEX Agreement
- Arbitration
- Arbitration Agreements
- Arizona
- Arkansas
- Arthritis
- Artificial Intelligence
- Artificial Intelligence (AI)
- Asbestos
- Assembly Bill 51 (AB 51)
- ATDS
- Australia
- Auto-renewals
- Automatic Telephone Dialing System (ATDS)
- Automobile
- Automotive Body Parts Association (ABPA)
- Back to Work Emergency Ordinance
- biased endorsements
- Biden Administration
- Biometric Data
- Biometric Information
- Biometric Information Privacy Act (BIPA)
- BIPA
- Bitcoin
- Blockchain
- Board Diversity Disclosure
- Boards of Directors
- Bonuses
- Braille
- Branding
- Breach
- Breach of Contract
- Business Interruption
- Business Interruption Loss
- Businessowner’s Insurance
- Buy Now, Pay Later
- California
- California Air Resources Board
- California Assembly Bill 2011
- California Employment Laws
- California Fair Employment and Housing Act
- California False Claims Act
- California Labor Code
- California Legislation
- California Senate Bill 6
- California’s Unfair Competition Law
- CAMS
- Canada
- Cannabis
- CARB
- CBD
- CBP
- CCPA
- Celebrity Endorsers
- Center for Disease Control (CDC)
- CFIUS
- CGL
- Chatbot
- Children’s Advertising
- Children’s Advertising Review Unit
- Children’s Online Privacy Protection Act (COPPA)
- China
- Christopher J. Dufek
- Christopher W. Hasbrouck
- Christy Kiely
- CIPA
- Class Action
- Class Action Litigation
- Class Actions
- Clawback
- Click-to-Cancel
- Climate Change
- Climate Disclosure
- clinical trials
- Collective Action
- Colorado
- Commerce Clause
- Commercial General Liability
- Commercial Leasing
- Commercial Messaging
- Commercial Products
- Commercial Real Estate
- Commodity Futures Trading Commission
- Compensation
- Compliance
- Confidentiality
- Congress
- Connecticut
- Consent
- Consent Order
- Consumer Advertising
- Consumer Data
- Consumer Financial Protection Bureau
- Consumer Fraud
- consumer loyalty program
- Consumer Privacy
- Consumer Product Safety Act
- Consumer Products
- Consumer Products Safety Commission (CPSC)
- Consumer Protection
- Consumer Review Fairness Act of 2016 (CRFA)
- Consumer Reviews
- Consumer Rights
- Contamination
- Contract Law
- Controlled Substance Act
- Cookies
- Cookware
- COPPA
- Copyright
- Coronavirus/COVID-19
- Corp Fin
- Corporate Governance
- Corporate Reporting
- Corporate Sustainability
- Corporate Transparency Act (CTA)
- Costco
- Counterfeit Goods
- Counterfeit Goods Seizure Act of 2019
- Court of International Trade
- CPPA
- CPRA
- CPSA
- CPSC
- Crack House Statute
- CRFA
- Crypto
- Cryptocurrency
- CSPA
- Cuba
- Currency
- Customs and Border Protection
- Cyber
- Cyber Coverage
- D&O
- D&O policies
- D. Andrew Quigley
- Damages
- Data Breach
- Davidson
- Deceptive Advertising
- DEI
- Delaware
- Delivery Drivers
- DEP
- Department of Agriculture
- Department of Justice
- Department of Labor
- Development Impact Fee
- Dietary Guidelines
- Digital Assets
- digital currency
- Disclosures
- Discrimination
- Distribution
- Division of Corporation Finance
- Dodd-Frank
- DOJ
- DOL
- Duty to Defend
- Duty to Indemnify
- e-liquid products
- Eddie Bauer
- EEOC
- Electric Vehicles
- Eleventh Circuit
- Emily Burkhardt Vicente
- Employee Rights
- Endorsement
- Endorsement Guides
- Endorsement Notice
- Endorsements
- endorser monitoring requirements
- Enforcement
- Environmental Impact
- Environmental Protection Agency
- Environmental Protection Agency (EPA)
- EPA
- Epidemic
- ESG
- ESG Disclosure
- EU Regulation
- European Union
- European Unitary Patent
- EV Charging
- Exceptions
- Exclusions
- Executive Compensation Disclosure Rules
- Executive Order
- Executive Orders
- Exercise Machines
- Extended Producer Responsibility (EPR)
- FAA
- Fair Labor Standards Act
- Fair Labor Standards Act (FLSA)
- fair use
- False Advertising
- False Advertising Claims
- False Advertising Law
- False Claims Act
- Family Leave Policies
- FAR
- Fashion Accountability Acts
- FCC
- FCRA
- FDA
- Federal Acquisition Regulations
- Federal Arbitration Act (FAA)
- Federal Communications Commission
- Federal Contractors
- Federal Contracts
- Federal District Court
- Federal Government Contractor
- Federal Government Shutdown
- Federal Trade Commission
- Federal Trade Commission (FTC)
- FFDCA
- FIFRA
- Fifth Circuit
- Final Rule
- Financial Technology
- FinCEN
- FinHub
- Fireworks
- First Amendment
- Fixing America’s Surface Transportation (FAST) Act
- Florida
- Florida House of Representatives (HB 963) and Florida Senate (SB 1670)
- Florida Legislature
- FLSA
- FLSA/Wage & Hour
- FMLA
- Food and Beverage Manufacturers
- Food and Drug Administration (FDA)
- Food Delivery
- Food Safety
- Form 10-K
- Formaldehyde Standards for Composite Wood Products Act of 2010
- fractional interests
- Franchise
- Frederic Chang
- Free Trials
- FTC
- FTC Act
- Gavin Newsom
- GDPR
- General Liability
- Geoffrey B. Fehling
- Georgia
- Gift Cards
- GoodRx
- Gramm-Leach-Bliley (GLB) Act
- Green
- Green Guides
- Greenhouse Gas
- Gun Safety
- Hart-Scott-Rodino
- Hart-Scott-Rodino (HSR)
- Hashtag
- Hawaii
- Health Care
- Health Claims
- Hedge Fund
- HIPAA
- hoverboards
- human capital
- Human Rights
- IEEPA
- Illinois
- Illinois Artificial Intelligence Video Interview Act (the Illinois Act)
- Illinois Biometric Information Privacy Act (BIPA)
- Independent Contractors
- Indiana
- Indoor Mall
- Influencer Marketing
- Infringement
- initial public offerings (IPOs)
- Injury
- Insurance
- Insurance Loss
- Insurance Provider
- Intellectual Property
- Intellectual Property Licenses in Bankruptcy Act
- Inter Partes Review
- Interest Rate
- International
- International Trade Commission
- International Trade Commission (ITC)
- Internet
- Inventorship
- investigation
- INVISALIGN
- Iowa
- IP
- IPR
- Ireland
- IT
- ITC
- iTERO
- Job Posting
- Junk Fees
- Katherine Miller
- Kurt A. Powell
- Kurt G. Larkin
- Labeling
- Labeling Requirements
- Labeling Rules
- Labor
- Labor Code Private Attorneys General Act of 2004 (PAGA)
- Labor Organizing
- Labor Unions
- Land Use
- Landlord
- Latin America
- Lautenberg Act
- Lawsuit Reform Alliance of New York (LRANY)
- Lead
- Lease
- Legislation
- Leveraged Loans
- Liability Insurance Policy
- Liberty Insurance Corporation
- Liberty Mutual Fire Insurance Company
- LIBOR Discontinuation
- liquidity
- Litigation
- Live Chat
- Lost Profits
- Lost Sales
- Louisiana
- Luxury Gyms
- M&A
- Made in the USA
- Made in USA
- MagicSleeve
- Magnuson-Moss Warranty Act
- Magnuson-Moss Warranty Act (MMWA)
- Maine
- Malcolm C. Weiss
- Manufacturing
- Marketing
- Marketing Claims
- Maryland
- Massachusetts
- Matthew T. McLellan
- Maya M. Eckstein
- MD&A
- Medtail
- Membership cancellation
- Mergers & Acquisitions
- Metaverse
- MeToo Movement
- Mexico
- Michael J. Mueller
- Michael S. Levine
- microplastics
- Microplastics Litigation
- Minimum Wage
- Minnesota
- Minnesota Pollution Control Agency (MPCA)
- Misclassification
- Mislabeling
- Mission Product Holdings
- Missouri
- Mobile
- Mobile App
- Motoclick
- Multi-Family Housing Development
- Multi-Level Marketing Program (MLM)
- NAA
- NAD
- NASA
- Nasdaq
- National Advertising Division
- National Advertising Division (NAD)
- National Advertising Review Board
- National Labor Relations Act
- National Labor Relations Board
- National Products Inc.
- National Retail Federation
- Natural Disaster
- Nebraska
- Negligence Claims
- Neil K. Gilman
- Network Outage
- Nevada
- New Jersey
- New York
- New York City Department of Consumer and Worker Protection
- New York Department of Financial Services
- NHTSA
- NIL rights
- Ninth Circuit
- NLRA
- NLRB
- no-action request
- Non-Compete
- Non-Exempt
- Non-Exempt Employees
- non-fungible token (NFT)
- North Carolina
- Nutrition Labels
- Obama Administration
- Occupational Safety and Health Administration (OSHA)
- Occurrence
- Office of Labor Standards Enforcement
- Ohio
- Oklahoma
- Online Cash Providers
- Online Retailer
- Online Reviews
- Opinion Letters
- Opioids
- Opt-Out
- Oregon
- Overboarding
- Overtime
- Overtime Exemptions
- Ownership
- Packaging
- PAGA
- Pandemic
- Patent
- Patent Infringement
- Patents
- Paul T. Moura
- Pay Equity
- Pay Ratio
- Pay Transparency
- Pay-To-Play Rankings
- Penalty
- Pennsylvania
- Penny Shortage
- Personal and Advertising Injury
- Personal Data
- Personal Information
- Personally Identifiable Information
- Pesticides
- PFAS
- Physical Loss or Damage
- Policy
- price gouging
- Primary and Umbrella Policies
- Privacy
- Privacy Guidelines
- Privacy Policy
- Privacy Protections
- Procurement
- Product Liability
- Product Packaging
- Prohibition on Sale
- Property Insurance
- Property Rights
- Proposed Legislation
- Proposition 65
- Proxy Access
- proxy materials
- Proxy Statements
- PTAB
- PTO
- Public Companies
- Purdue Pharma
- Randall S. Parks
- Ransomware
- Real Estate
- Recall
- Recalls
- Recording
- Regulation
- Regulation S-K
- Restaurants
- Restrictive Covenants
- Retail
- Retail Developers
- Retail Development
- Retail Industry Leaders Association
- Retail Litigation Center
- Retail Year in Review
- Retaliation
- Rounding
- Rulemaking
- Ryan A. Glasgow
- Sales Tax
- Salesforce
- SD8 coins
- SEC
- SEC Disclosure
- Second Circuit
- Section 337
- Section 365
- Secure and Fair Enforcement Banking Act of 2019 (“SAFE Banking Act”)
- Securities
- Securities and Exchange Commission
- Securities and Exchange Commission (SEC)
- Securities Exchange Commission
- security checks
- Senate
- Senate Data Handling Report
- Sergio F. Oehninger
- Service Contract Act (SCA)
- Service Interruption
- Service Provider
- SHARE
- Shareholder
- Shareholder Proposals
- Sign-In Wrap Agreement
- Slogan
- Smart Contracts
- SNAP
- Social Media
- Social Media Influencers
- Software
- South Carolina
- South Dakota
- Special purpose acquisition companies (SPACs)
- Sponsors and Gifting
- Sponsorship
- State Attorneys General
- State Law
- State Legislation
- Store Closures
- Subscription Services
- Substantiation
- Substantiation Notice
- Supplier
- Supply Chain
- Supply contracts
- Supreme Court
- Sustainability
- Syed S. Ahmad
- Synovia
- Targeted Advertising
- Tariff
- Tax
- TCCWNA
- TCPA
- Technology
- Technology Innovation
- Telemarketing
- Telephone Consumer Protection Act
- Telephone Consumer Protection Act (TCPA)
- Tempnology LLC
- Tenant
- Tennessee
- Terms and Conditions
- Texas
- The Fair Credit Reporting Act (FCRA)
- Third-Party
- Thomas R. Waskom
- Title VII
- Tokenization
- Tokens
- Toxic Chemicals
- Toxic Substances Control Act
- Toxic Substances Control Act (TSCA)
- Trade Dress
- Trademark
- Trademark Infringement
- Trademark Trial and Appeal Board (TTAB)
- TransUnion
- Travel
- Trends
- Trump Administration
- TSCA
- TSCA Title VI
- U.S. Department of Justice
- U.S. Department of Labor
- U.S. Food and Drug Administration
- U.S. House of Representatives
- U.S. Patent and Trademark Office
- Ultra-Processed Foods
- Umbrella Liability
- Unfair and Deceptive Use
- Union
- Union Organizing
- United Specialty Insurance Company
- Unmanned Aircraft
- Unruh Civil Rights Act
- UPSTO
- US Chamber of Commerce
- US Customs and Border Protection (CBP)
- US Environmental Protection Agency (EPA)
- US International Trade Commission (ITC)
- US Origin Claims
- US Patent and Trademark Office
- US Patent and Trademark Office (USPTO)
- US Supreme Court
- USDA
- USPTO
- Utah
- Varidesk
- Vendor
- Vermont
- Virginia
- Volatile Organic Compound (VOC) Emissions
- W. Jeffery Edwards
- Wage and Hour
- Wage-And-Hour
- Walter J. Andrews
- Warning Labels
- Warranties
- Warranty
- Washington
- Washington DC
- WCAG
- Web Accessibility
- Website
- Website Accessibility
- Weight Loss
- Wiretap
- Wiretapping
- World Health Organization (WHO)
- Wyoming
- Year In Review
- Zoning
- Zoning Conversion
- Zoning Ordinances
- Zoning Regulations
Authors
- Gary A. Abelev
- Alexander Abramenko
- Yaniel Abreu
- Christian S. Adams
- Syed S. Ahmad
- Brandon Bell
- Fawaz A. Bham
- Michael J. “Jack” Bisceglia
- Jennifer L. Bloom
- Jeremy S. Boczko
- Brian J. Bosworth
- Shannon S. Broome
- Samuel L. Brown
- Tyler P. Brown
- Melinda Brunger
- Jimmy Bui
- M. Brett Burns
- Olivia G. Bushman
- Daniel J. Butler
- Matthew J. Calvert
- Grant H. Cokeley
- Abigail Contreras
- Eric S. Crusius
- Christopher J. Cunio
- Alexandra B. Cunningham
- Merideth Snow Daly
- Timothy G. Decker
- Katherine P. Deegan
- Andrea DeField
- John J. Delionado
- Stephen P. Demm
- Mayme Donohue
- Christopher J. Dufek
- Robert T. Dumbacher
- M. Kaylan Dunn
- Chloe Dupre
- Frederick R. Eames
- Maya M. Eckstein
- Rob Edwards
- Tara L. Elgie
- Clare Ellis
- Latosha M. Ellis
- Juan C. Enjamio
- Kelly L. Faglioni
- Ozzie A. Farres
- Geoffrey B. Fehling
- Jason Feingertz
- Hannah Flint
- Erin F. Fonté
- Kevin E. Gaunt
- Jane M. Geiger
- Andrew G. Geyer
- Armin Ghiam
- Neil K. Gilman
- Ryan A. Glasgow
- Tonya M. Gray
- Elisabeth R. Gunther
- Steven M. Haas
- Kevin Hahm
- Jason W. Harbour
- Jeffrey L. Harvey
- Christopher W. Hasbrouck
- Eileen Henderson
- Gregory G. Hesse
- Kirk A. Hornbeck
- Mark Ingram
- Jamie Zysk Isani
- Nicole R. Johnson
- Roland M. Juarez
- James A. Kennedy, II
- Suzan Kern
- Jason J. Kim
- Scott H. Kimpel
- Elizabeth King
- Andrew S. Koelz
- Leslie W. Kostyshak
- P. Reiko Koyama
- Kurt G. Larkin
- Tyler S. Laughinghouse
- Gerry Leone
- Michael S. Levine
- Ashley Lewis
- Abigail M. Lyle
- Maeve Malik
- Eric R. Markus
- John Gary Maynard, III
- Aubrianna L. Mierow
- Gray Moeller
- Reilly C. Moore
- Michael D. Morfey
- Ann Marie Mortimer
- Michael J. Mueller
- J. Drei Munar
- Matthew Nigriny
- Michael A. Oakes
- Justin F. Paget
- Randall S. Parks
- J. Steven Patterson
- Katherine C. Pickens
- Gregory L. Porter
- Robert T. Quackenboss
- D. Andrew Quigley
- Michael Reed
- Jonathan D. Reichman
- Kelli Regan Rice
- Patrick L. Robson
- Amber M. Rogers
- Natalia San Juan
- Arthur E. Schmalz
- Daniel G. Shanley
- Madison W. Sherrill
- Kevin V. Small
- J.R. Smith
- Bennett Sooy
- Brian T. Stansbury
- Daniel Stefany
- Hak Stepanyan
- Javaneh S. Tarter
- Shauna R. Twohig
- Paige Van Oosten
- Jessica N. Vara
- Emily Burkhardt Vicente
- Mark R. Vowell
- Gregory R. Wall
- Thomas R. Waskom
- Malcolm C. Weiss
- Holly H. Williamson
- Samuel Wolff
- Jingyi “Alice” Yao
- Jessica G. Yeshman