Chili's Grill & Bar has opened an investigation after discovering unauthorized access of payment card data of consumers who visited the restaurant chain between March and April of this year.

According to Dallas-based Brinker International, Inc., the corporate owner of Chili's Grill & Bar, officials learned of the payment card data breach a few days ago on May 11.

In a statement released by the corporation, officials said they are continuing to assess the scope of the breach. “Upon learning of this incident, we immediate activated our response plan. We are working with third-party forensic experts to conduct a thorough investigation to determine the details of what happened. Law enforcement has been notified of this incident and we will continue to fully cooperate.”

Included in the information released by Brinker, officials believe “that malware was used to gather payment card information, including credit or debit card numbers and cardholder names, from our payment-related systems for in-restaurant purchases at certain Chili's restaurants.”

According to the company, it is unclear how many Chili's restaurants were impacted by the malware attack, or how many restaurant guests were affected by the payment card data breach.

Security experts are giving Brinker a lot of credit for notifying the public quickly. “A breach is always bad news, but perhaps the silver lining here is the how quickly the breach was discovered and customers were notified. This gives hackers less time to exploit the stolen debit and credit cards and makes the breach less valuable to criminals,” said CMO of VASCO Data Security, John Gunn.

One security expert believes it's time to view data breach stopgap measures in a different way.

“Attack and breach prevention requires a new approach today, and many businesses simply do not have the ability to stop cybercriminals before they do legitimate damage, as evidenced by the recent onslaught of restaurant chain data breaches,” said Mark Cornwell, CIO, Netsurion, a provider of managed security services for multi-location businesses, and EventTracker, a SIEM provider.

Cornwell continued, “Many restaurant chains set up a firewall as a basic security measure and believe their networks will be sufficiently protected. In today's cyber world, perimeter-focused prevention like firewalls and signature-based protection like anti-virus is simply insufficient. A next-generation firewall is a fundamental security component. A modern, effective security solution must be multi-layer and actively managed. Restaurant brands and franchisees should seriously consider solutions that include a managed security information and event management (SIEM) solution that contains endpoint threat detection and response for high-valued endpoints like point of sales systems.”

Brinker officials stated that personal information was not compromised by the payment card breach. In the meantime, Brinker advises consumers to monitor their credit card and credit union statements for accuracy.

Complete your profile to continue reading and get FREE access to CUTimes.com, part of your ALM digital membership.

Your access to unlimited CUTimes.com content isn’t changing.
Once you are an ALM digital member, you’ll receive:

  • Breaking credit union news and analysis, on-site and via our newsletters and custom alerts
  • Weekly Shared Accounts podcast featuring exclusive interviews with industry leaders
  • Educational webcasts, white papers, and ebooks from industry thought leaders
  • Critical coverage of the commercial real estate and financial advisory markets on our other ALM sites, GlobeSt.com and ThinkAdvisor.com
NOT FOR REPRINT

© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.

Michael Ogden

Editor-in-Chief at CU Times. To connect, email at [email protected]. As Editor-in-Chief of CU Times since 2016, Michael Ogden has led the editorial team in all aspects of content strategy and execution, including the creation of the publication’s exclusive and proprietary research database of the credit union industry’s economic landscape. Under Michael’s leadership, CU Times has successfully shifted to an all-digital editorial product with new focuses on the payments, fraud, lending and regulatory beats. Most recently, he introduced a data-focused editorial product for subscribers that breaks down credit union issues into hard data, allowing for a deeper and more factual narrative for readers. In 2024, he launched the "Shared Accounts With CU Times" podcast, which offers a fresh, inside-the-newsroom perspective through interviews with leaders from the credit union industry and the regulatory world. He dives into pressing credit union issues, while revealing the personalities working behind-the-scenes to push the credit union world forward. His background includes years as a radio and TV anchor/reporter and a public relations and digital/social media manager, where he covered the food and music industries, as well as cooperatives and credit unions. Over the years, he has launched numerous exclusive video and podcast series, including a successful series of interactive backstage interviews with musicians at music festivals, showcasing his social media and live streaming production skills.