Chili's Grill & Bar is offering a side order of free credit monitoring with a purchase from any Chili's restaurant during March and April of this year. The chain announced on Friday, May 11, that customers who paid with a credit card or debit card during those two months may have had their personal data exposed during a malware attack.
Brinker International, Chili's parent company, released a statement Friday night, the same day they learned of the security breach. The company updated the statement on Tuesday with additional information, including information on actions customers potentially affected should take. The Dallas-based company doesn't know yet exactly how the Chili's data breach occurred or how many customers might have had their personal information taken. They are working with third-party forensic experts to investigate what happened.
In their statement, the company says, "The investigation into this incident is ongoing; however, based on the details currently uncovered, we believe that malware was used to gather payment card information including credit or debit card numbers as well as cardholder names from our payment-related systems for in-restaurant purchases at certain Chili's restaurants. Currently, we believe the data incident was limited to between March - April 2018; however, we continue to assess the scope of the incident."
In addition to investigating the scope of the Chili's data breach, the company notified law enforcement and is also working with the company ID Experts to provide fraud resolution and credit monitoring services to guests that may have been impacted.
While it's important to note that they don't know the scope of the information taken yet and so customers can't be certain if they are the victims of identity theft, there are a few precautions Chili's customers (and others) can take.
First, while Chili's says they may email customers (if they have an email address) about the incident in the future, they have not yet done so. If you receive an email that says it's from Chili's about the data breach, it may be a scam email. Do not open any attachments, click on any links in the email, or reply to the email's sender.
In addition, Chili's is not calling customers by phone. If you receive a call about the incident, do not give your personal information out. Chili's does not collect social security numbers, full date of birth, or federal or state identification numbers; that information was not compromised as part of the breach and there's no reason for the company to ask for it.
If you visited Chili's and paid with a credit or debit card recently, the company has set up a call center and website to help answer your questions and enroll you in the credit monitoring service. The number for the call center is (888) 710-8606 and the website address is https://ide.myidcare.com/ChilisDataIncident.