Chili’s parent company Brinker International announced Saturday that malware on some of the chain’s payment systems may have harvested customers’ credit card information.
The theft, according to Brinker’s analysis so far, was limited in both severity and scale. Only credit and debit card data, including customer names, was compromised—luckily, Chili’s doesn’t ask for your social security number or date of birth when they sell you a burger. The chain also says only “certain” restaurants were impacted, and only in March and April of 2018, though they are still working with security experts to evaluate the incident.
Given the widespread nature of credit card theft, and the increasing sophistication with which card issuers use automated systems to detect fraudulent transactions, some victims might not even notice their credit card information has been stolen. But, “out of an abundance of caution,” Brinker is still encouraging recent Chili’s customers to keep an eye on their bills and credit reports. Brinker has not yet released a specific list of which Chili’s locations were impacted by the malware.
Get Data Sheet, Coins2Day’s technology newsletter.
The announcement of the breach came just a day after Brinker says it discovered it, and just a few weeks after it reportedly occurred. That’s a marked improvement over some recent reactions to much more widespread data breaches, including Facebook’s decision to inform neither users nor the Federal Trade Commission about the leak of user data in the Cambridge Analytica scandal until it was discovered by reporters. While U.S. States have a patchwork of laws requiring notification of a data breach, no federal standard is in place.
Chili’s says they “have no reason to believe” there are any further threats that make using a credit card at the chain risky now that the malware attack has been neutralized.