Chili’s Grill & Bar says that a “data incident” may have exposed customers’ credit card information and it is working with third-party forensic experts to determine the extent of the breach.
Chili’s parent company, Brinker International, said Friday that “some Chili’s restaurants have been impacted by a data incident, which may have resulted in unauthorized access or acquisition of your payment card data.”
The breach was found on Friday and is thought to have happened earlier this year.
“Currently, we believe the data incident was limited to between March – April 2018; however, we continue to assess the scope of the incident,” the notice said. “We deeply value our relationships with our guests and sincerely apologize to those who may have been affected.”
Brinker said that it thinks “malware was used to gather payment card information including credit or debit card numbers as well as cardholder names from our payment-related systems for in-restaurant purchases at certain Chili’s restaurants.”
The company also stressed that certain personal details weren’t “compromised.”
“Chili’s does not collect certain personal information (such as Social Security number, full date of birth, or federal or state identification number) from guests,” it said. “Therefore, this personal information was not compromised.”
Brinker also mentioned other steps it is taking.
“We are working with third-party forensic experts to conduct an extensive investigation to confirm the nature and scope of this incident,” it said. “Law enforcement has been notified of this incident and we will continue to fully cooperate.”