Malware used to gather payment card information

Chili’s Grill & Bar, the Dallas-based casual dining chain with more than 1,600 locations in 31 countries, has alerted its customers to a data breach that may have resulted in their payment card details being compromised.

According to Chili’s parent company, Brinker International, third-party forensic experts have been drafted in to conduct an investigation into the breach, which is thought to have taken place between March and April 2018.

“While the investigation is still ongoing, we believe that malware was used to gather payment card information, including credit or debit card numbers and cardholder names, from our payment-related systems for in-restaurant purchases at certain Chili’s restaurants,” the company stated.

The number of potentially affected customers has not yet been disclosed, although Brinker said it has determined that the incident impacted “certain Chili’s restaurants and did not affect all guests”.

With more than 1,250 locations across the US, Chili’s is a well-recognized brand in its home market, with the chain reporting revenues of $2.7 billion last year.

While the true scope of the incident is yet to be determined, the fact that the chain issued an alert just one day after discovering the breach goes some way to confirming its commitment to customer transparency.