Chili’s customers may have fallen victim to a malware attack that affected a number of credit and debit cards used in several restaurants, confirmed parent company Brinker International on Saturday. The malware allegedly collected not only payment card details, but also customers’ names. Because Chili’s does not collect Social Security numbers, full dates of birth or federal ID data, these were not compromised.
Brinker brought in an external forensic team to investigate the incident, but so far it is believed the attack took place between March and April. Also, the company said, simply because customers used their cards in the affected facilities does not mean their data was exposed. The investigation will determine who is responsible and how the incident actually took place.
“On May 11, 2018, we learned that some of our Guests’ payment card information was compromised at certain Chili’s restaurants as the result of a data incident,” said Brinker International in a press release. “Currently, we believe the data incident was limited to between March – April 2018; however, we continue to assess the scope of the incident. We deeply value our relationships with our Guests and sincerely apologize to those who may have been affected.”
As the breach was detected on Friday, customers are strongly advised to check their bank statements for illegal transactions and to immediately contact their bank if fraud is suspected. Brinker offers free credit monitoring and fraud resolution for customers whose payment card data was stolen.
It seems hackers have made a habit of going after popular restaurants, shops and hotel chains, as Sears, Kmart, Whole Foods, Under Armour, Home Depot and Target have also suffered security breaches recently. So far there’s no evidence to suggest the data stolen from Chili’s has been put on sale on the dark web.