Skip navigation
Chili’s data breach impacts customer payment information

Chili’s data breach impacts customer payment information

Malware attack occurred at undisclosed number of company restaurants

Brinker International Inc., the parent company of Chili's Grill & Bar, said credit or debit card information from customers was stolen after a hacking incident at corporate Chili’s restaurants.

Dallas-based Brinker released a statement about the breach late Friday, the same day it discovered the hack. The “data incident” occurred between March and April 2018, the company said. However, Brinker didn’t provide certain details tied to the hack, including how many potential customers might be impacted and the number of restaurants involved. 

“We continue to assess the scope of the incident,” the company said.

Brinker said malware was used to gather payment card information from its payment-related systems for in-restaurant purchases made at certain Chili's restaurants. Since Chili’s does not collect Social Security numbers, the company said that kind of “personal information was not compromised.”

Brinker declined to say how many restaurants were involved.

Once the company discovered the breach, Chili’s said it activated a response plan that includes working with “third-party forensic experts to conduct a thorough investigation to determine the details of what happened.”

Law enforcement officials have also been notified.

“We deeply value our relationships with our guests and our priority remains doing what is right for them. We are committed to sharing additional information on this ongoing investigation,” the company said.

Brinker is working to provide fraud resolution and credit monitoring services for customers who might be impacted by the breach.

As of March 28, Brinker International owned, operated and franchised 1,686 restaurants, including 1,634 Chili’s units and 52 Maggiano’s locations.

Contact Nancy Luna at [email protected] 

Follow her on Twitter: @FastFoodMaven

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.