If you had dinner at Chili’s in March or April, your credit card data might be in danger
Brinker International reported that on May 2018 their restaurant chain Chili’s was hit by data-stealing malware. The issue is still under investigation. However, it’s clear that a Point of Sale malware affected restaurant’s payment system and stolen customers’ credit card information:
<…> malware was used to gather payment card information including credit or debit card numbers as well as cardholder names from our payment-related systems for in-restaurant purchases at certain Chili’s restaurants.
According to the latest reports, malware was hiding in the payment systems between March and April 2018. Currently, the virus seems to be wiped out from Chili’ s system, and customers should not withdraw cash in order to have a dinner at this restaurant safely. The company says that it’s safe to use credit and debit cards.
However, if you had a delicious meal there during the last two months, you should monitor your banking transactions and make sure that anyone is not using your credit card for shopping on your behalf.
Email scammers might take advantage of Chili’s data breach
The scale of Chili’s data breach is still unknown. Brinker International operates more than 1,600 restaurants around the world, and it’s not revealed which ones have been compromised. Additionally, the number of impacted customers are also a secret. However, the company tells that victims will be contacted directly.
However, Chili’s warn that scammers might take advantage of the situation and send fraudulent emails to people. The company indeed contact victims of the data breach via email. However, the official Chili’s emails do not:
- ask to click on any links;
- ask to reply to the email or contact the company;
- ask to update or check information on the website (such sites are created for phishing attempts and steal personal information);
- include any email attachments.
Therefore, if you receive a suspicious email related to the Chili’s data breach, you need to be careful and do not get yourself into bigger problems. If you were involved in the brach, you should monitor money flows on your bank account or take advantage of Chili’s offer to get a free identity theft protection.
Chili’s follows Applebee's and Panera Bread’s customers’ data breaches
Creators of malware quite actively target restaurants this year. Hence, Chili’s data breach is not the first case this year. On March, Point of Sale malware was detected on Applebee’s restaurant systems. RMH Franchise Holdings reported that malware affected 167 locations in 15 states, including Alabama, Indiana, Ohio, etc.:
“Based on the experts’ investigation, RMH believes that unauthorized software placed on the point-of-sale system at certain RMH-owned and -operated Applebee’s restaurants were designed to capture payment card information and may have affected a limited number of purchases made at those locations”
On April 2018, Panera Bread reported about massive data breach on their website. 37 million customers information was leaked in 8 months. However, the accident could have been avoided if company’s CIO wouldn’t have ignored the issue. In August 2017, security researcher detected a vulnerability on panerabread.com website and reported it to company's CIO John Meister.
The increasing number of data breaches should motivate companies and organizations to strengthen protection of customer’s information. During the last couple of years, different types of data-stealing malware affected carwash systems, hotels, grocery or clothing stores, and many other businesses. However, switching to cash only and deactivating all loyalty cards are not convenient options for modern customers.