If you have eaten at Chili’s restaurants within the past two months, then you might want to check your credit report and card statements.
Chili’s parent company, Brinker International, announced over the weekend that customers’ payment information was exposed in a recent malware attack.
Brinker did not disclose how hackers gained unauthorized access to its systems, how many customers or restaurants were targeted or the exact dates when the personal data may have been exposed.
“While the investigation is still ongoing, we believe that malware was used to gather payment card information, including credit or debit card numbers and cardholder names, from our payment-related systems for in-restaurant purchases at certain Chili’s restaurants,” Brinker said in a statement Saturday.
Brinker said Chili’s does not collect Social Security numbers, dates of birth or state identification numbers full date of birth, so that data was not compromised.
The Dallas-based company is the latest restaurant to disclose a data breach. Last month Panera Bread acknowledged that data of some customers including names, addresses and the last four digits of credit card numbers were vulnerable on its website for at least eight months. Earlier this year Applebee’s found malware on its payment systems in 167 locations across 15 states, potentially exposing customer credit card data. The barrage of data breaches at restaurants and other businesses highlights the heightened risks of identity theft and the continued vulnerabilities presented by payment systems, databases of customer information, and mobile apps.
Brinker said it first learned of the breach on Friday, the same day it first disclosed the breach. The company said it has notified law enforcement agencies and is working with independent experts to investigate and determine which customers were affected.
While it is not clear how many of Chili’s 1,600 locations were affected, the company still urged customers “out of an abundance of caution” to take steps to protect their information. Those recommendations included placing a fraud alert on your credit file with the three national credit reporting agencies, Equifax, Experian and TransUnion, and reviewing personal bank account information for suspicious activity. The company is also working to provide credit monitoring and fraud resolution service for the customers who may have had their data stolen, the company said.
“We sincerely apologize to those who may have been affected and assure you we are working diligently to resolve this incident,” the company said in its Friday notice.
On Brinker’s website, the company touts Chili’s as a “technology pioneer leading the industry in the creation of the digital guest experience.” In 2013, Chili’s began rolling out tablets at tables in their restaurants, allowing customers to browse the menu and pay their bills. Every Chili’s restaurant table, numbering more than 70,000 now has a tablet, according to Brinker’s website. Tabletop Media, the company behind the devices, did not immediately respond to a request for comment.
Under the heading “Technology Innovation,” Brinkler’s webpage on Chili’s reads: “Chili’s approach to technology innovation is simple – build an infrastructure and keep the digital Guest experience at its core.”
Brinker did not immediately respond to a request for comment Monday.