The Washington Post

I want my data back, data back, data back: Chili’s hit by data breach

May 14, 2018 at 5:40 p.m. EDT
A customer walks toward the entrance of a Brinker International Inc. Chili's Grill & Bar restaurant in San Antonio on Monday, May 7. (Callaghan O'Hare/Bloomberg News)

If you have eaten at Chili's restaurants within the past two months, then you might want to check your credit report and card statements.

Chili's parent company, Brinker International, announced over the weekend that customers' payment information may have been exposed in a malware attack.

Brinker did not disclose how many customers were affected or how hackers gained unauthorized access to its systems.

"While the investigation is still ongoing, we believe that malware was used to gather payment card information, including credit or debit card numbers and cardholder names, from our payment-related systems for in-restaurant purchases at certain Chili's restaurants," the Dallas-based company said in a statement Saturday.

Brinker said Chili’s does not collect Social Security numbers, dates of birth or state identification numbers, so that data was not compromised.

Chili’s is the latest restaurant to suffer a data breach. Panera Bread recently acknowledged that data belonging to some customers were vulnerable on its website for at least eight months. The data included names, addresses and the last four digits of credit card numbers. Earlier this year Applebee's found malware on its payment systems in 167 locations across 15 states, potentially exposing customer credit card data. The barrage of data breaches at restaurants and other businesses highlights the heightened risks of identity theft and the continued vulnerabilities presented by payment systems, databases of customer information, and mobile apps.

Brinker said it first learned of the breach on Friday, the same day it first disclosed the breach. The company said it has notified law enforcement agencies and is working with independent experts to investigate the issue.

Brinker pointed to Friday's statement after being asked about updates on the data breach.

While it is not clear how many of Chili's 1,600 locations were affected, Brinker still urged customers "out of an abundance of caution" to take steps to protect their information. Those recommendations included placing a fraud alert on your credit file with the three national credit reporting agencies, Equifax, Experian and TransUnion, and reviewing personal bank account information for suspicious activity. The company said it is also working to provide credit monitoring and fraud resolution service for the customers who may have had their data stolen.

"We sincerely apologize to those who may have been affected and assure you we are working diligently to resolve this incident," the company said in its Friday notice.

On Brinker's website, the company touts Chili's as a "technology pioneer leading the industry in the creation of the digital guest experience." In 2013, Chili's began rolling out tablets at tables in its restaurants, allowing customers to browse the menu and pay their bills. Every Chili's restaurant table, numbering more than 70,000, now has a tablet, according to Brinker's website. Tabletop Media, the company behind the devices, did not respond to a request for comment.

Under the heading "Technology Innovation," Brinker's webpage on Chili's reads: "Chili's approach to technology innovation is simple – build an infrastructure and keep the digital Guest experience at its core."