Content, Breach, Malware

Chili’s Data Breach: Customers’ Payment Card Information Compromised

Chili's Grill & Bar experienced a "data incident" that compromised some of its customers' payment card information, according to a prepared statement from parent company Brinker International. The restaurant chain learned about the incident Friday.

The Chili's breach may have occurred between March and April 2018, Brinker indicated. Chili's officials said they believe malware was used to obtain customers' payment card information, including credit or debit card numbers and cardholder names, from the company's payment-related systems for in-restaurant purchases.

Upon learning about the breach, Chili's activated its response plan, Brinker pointed out. Chili's is working with third-party forensics experts to investigate the data breach, and law enforcement has been notified about the incident.

The investigation into the Chili's data breach is ongoing, Brinker noted. Chili's also is working to provide fraud resolution and credit monitoring services to customers who may have been affected by the breach.

Chili's has more than 1,300 locations in 33 countries, and the restaurant chain serves more than 281 million customers annually.

Applebee's, Sonic Drive-In Suffer POS Data Breaches

In addition to Chili's, other restaurant chains have experienced recent point-of-sale (POS) data breaches.

Applebee's in March discovered and removed malware on POS systems across nearly 170 restaurant locations, according to a security & data incident notice from parent company RMH Franchise Holdings. The malware was found on Feb. 13, 2018 and enabled cybercriminals to capture customers' credit or debit card numbers, cardholder names and other payment card information.

Sonic Drive-In in September indicated that some of its customers' credit and debit card numbers may have been acquired without authorization as part of a malware attack. The restaurant chain has offered free fraud detection and identity theft protection services to customers who may have been impacted by the incident.

What Can MSSPs Learn from Recent Restaurant Data Breaches?

Cyber risk is increasing for companies across all industries, including the restaurant sector. Fortunately, MSSPs can provide security services to protect restaurants against POS cyberattacks.

MSSPs can offer endpoint security, file integrity monitoring, security information and event management (SIEM), unified threat management and other security services to restaurants. Together, these services empower MSSPs to quickly identify POS cyberattacks and ensure restaurants are protected against rapidly evolving cyber threats.

Dan Kobialka

Dan Kobialka is senior contributing editor, MSSP Alert and ChannelE2E. He covers IT security, IT service provider business strategies and partner programs. Dan holds a M.A. in Print and Multimedia Journalism from Emerson College and a B.A. in English from Bridgewater State University. In his free time, Dan enjoys jogging, traveling, playing sports, touring breweries and watching football.