Chili's reports payment card data breach

Did you go to a Chili's Bar and Grill early this year? If so, you may want to examine your credit and debit card.

In a statement released Saturday on its Facebook and Twitter pages, the restaurant chain announced that it discovered that some of its guests' payment card information was compromised. Malware was possibly used to scrape credit card and debit card numbers and names from the chain's payment systems for in-restaurant purchases.

The restaurant believes that the data was only limited to between March and April of 2018. Officials said they are working to figure out how many people were affected by the data breach.

Read more of Chili's statement on the data breach below and check out their website for more up-to-date information about the breach

What Happened? On May 11, 2018, we learned that some of our Guests’ payment card information was compromised at certain Chili’s restaurants as the result of a data incident. Currently, we believe the data incident was limited to between March – April 2018; however, we continue to assess the scope of the incident. We deeply value our relationships with our Guests and sincerely apologize to those who may have been affected.

We immediately activated our response plan upon learning of this incident. We are working with third-party forensic experts to conduct an investigation to determine the details of what happened. Below is information on how you can protect yourself and your information.

We are working diligently to address this issue and our priority will continue to be doing what is right for our Guests. We are committed to sharing additional information on this ongoing investigation with our Guests as we learn more.

What Information Was Involved? Based on the details of the issue currently uncovered, we believe that malware was used to gather payment card information including credit or debit card numbers as well as cardholder names from our payment-related systems for in-restaurant purchases at certain Chili’s restaurants. Currently, we believe the data incident was limited to between March – April 2018; however, we continue to assess the scope of the incident.

Chili’s does not collect certain personal information (such as social security number, full date of birth, or federal or state identification number) from Guests. Therefore, this personal information was not compromised.

What Are We Doing? We are working with third-party forensic experts to conduct an extensive investigation to confirm the nature and scope of this incident. Law enforcement has been notified of this incident and we will continue to fully cooperate. We are working to provide fraud resolution and credit monitoring services for those Guests who may have been impacted. This website will be updated when this information becomes available. We are committed to sharing additional information with our Guests as we learn more and providing resources for you about this incident.

Up Next:


  • Popular

  • Recent

Stories you may be interested in - includes advertiser stories