Chili’s restaurants has just served up something rather unpalatable for its customers: News of a data hack involving the harvesting of diners’ payment information.
Parent company Brinker International said on Saturday that “some” of its 1,500-plus Chili’s restaurants had been targeted in a malware attack. Stolen data includes credit and debit card numbers as well as cardholder names from payment systems used for on-site purchases at the Tex-Mex restaurants.
The security breach was discovered on Friday, Brinker said, adding that it believes the incident took place between March and April of this year. An investigation into the matter is still underway.
Customers who fear their data may have been nabbed in the malware attack are being advised to monitor their bank and credit card statements to ensure their accounts are operating as usual. “If you notice any suspicious activity or you believe your information is being misused, please contact your bank,” Brinker said in a statement.
The company explained that even if you used a payment card at a Chili’s restaurant in March or April, it doesn’t necessarily mean your payment details were stolen.
But “out of an abundance of caution,” Brinker advised anyone who visited a Chili’s restaurant within that time frame to consider taking a number of steps. These include adding a 90-day fraud alert statement to your credit file at one of three national credit-reporting agencies, namely Equifax, Experian, and TransUnion.
Doing so means that all creditors should make direct contact with you before any new accounts can be opened in your name. By contacting one of the agencies, customer details will be automatically shared with the other two agencies, Brinker said.
Chili’s is the latest in a string of retail firms to be hit by a security breach. In the last couple of years alone, the likes of Sears, Kmart, Whole Foods, and Under Armour have been targeted in one way or another. Going back a little further, Home Depot and Target have suffered huge hacks that affected millions of customers.
Stolen data often ends up on the dark web where it’s traded among individuals and groups who use it for a range of purposes.
Brinker promised to update this webpage with new information about its investigation as and when it comes to light.