Chipotle Mexican Grill is coming clean about a cyber-attack that targeted the chain last month.

An extensive investigation lead by leading cyber security firms, law enforcement and the payment card networks revealed that malware accessed payment card data used at point-of-sale (POS) devices at certain Chipotle and Pizzeria Locale restaurants between March 24 and April 18. Not all locations were involved, and the specific timeframes vary by location, according to the chain.

This is a more extensive description than the company’s initial report. Last month, Chipotle revealed that it detected “unauthorized activity” on its payment processing network, according to CNBC.

Specifically, the software searched for track data —which can include cardholder names, card numbers, expiration dates, and internal verification code — which is embedded in a payment…