Malware Attack Swipes Payment Card Information at Chili's Restaurants

Chili’s Grill & Bar has opened an investigation after discovering unauthorized access of payment card data of consumers who visited the restaurant chain between March and April of this year.

According to Dallas-based Brinker International, Inc., the corporate owner of Chili’s Grill & Bar, officials learned of the payment card data breach a few days ago on May 11.

In a statement released by the corporation, officials said they are continuing to assess the scope of the breach. “Upon learning of this incident, we immediate activated our response plan. We are working with third-party forensic experts to conduct a thorough investigation to determine the details of what happened. Law enforcement has been notified of this incident and we will continue to fully cooperate.”

Included in the information released by Brinker, officials believe “that malware was used to gather payment card information, including credit or debit card numbers and cardholder names, from our payment-related systems for in-restaurant purchases at certain Chili’s restaurants.”

According to the company, it is unclear how many Chili’s restaurants were impacted by the malware attack, or how many restaurant guests were affected by the payment card data breach.

Security experts are giving Brinker a lot of credit for notifying the public quickly. “A breach is always bad news, but perhaps the silver lining here is the how quickly the breach was discovered and customers were notified. This gives hackers less time to exploit the stolen debit and credit cards and makes the breach less valuable to criminals,” said CMO of VASCO Data Security, John Gunn.

One security expert believes it’s time to view data breach stopgap measures in a different way.

“Attack and breach prevention requires a new approach today, and many businesses simply do not have the ability to stop cybercriminals before they do legitimate damage, as evidenced by the recent onslaught of restaurant chain data breaches,” said Mark Cornwell, CIO, Netsurion, a provider of managed security services for multi-location businesses, and EventTracker, a SIEM provider.

Cornwell continued, “Many restaurant chains set up a firewall as a basic security measure and believe their networks will be sufficiently protected. In today’s cyber world, perimeter-focused prevention like firewalls and signature-based protection like anti-virus is simply insufficient. A next-generation firewall is a fundamental security component. A modern, effective security solution must be multi-layer and actively managed. Restaurant brands and franchisees should seriously consider solutions that include a managed security information and event management (SIEM) solution that contains endpoint threat detection and response for high-valued endpoints like point of sales systems.”

Brinker officials stated that personal information was not compromised by the payment card breach. In the meantime, Brinker advises consumers to monitor their credit card and credit union statements for accuracy.