Cyber Incident Victim: On the Border Mexican Grill & Cantina
Date: Apr 2019
Location: United States of America
Summary
A Mexican restaurant chain experienced a payment system breach where malware harvested customer names, credit card numbers, expiration dates, and verification codes during visits to affected locations across 28 states. The compromise was isolated to in-restaurant transactions, excluding delivery and catering services. The company disclosed unauthorized access to its payment processing infrastructure and confirmed collaboration with law enforcement during an ongoing investigation into the incident.
Description
On the Border, a Mexican restaurant chain operating across 28 U.S. states, publicly disclosed a payment system breach on November 26, 2019, following the discovery of malware on its processing infrastructure. The intrusion occurred between April 10 and August 10, 2019, during which attackers harvested customer payment card details from in-restaurant transactions. Compromised data included cardholder names, credit card numbers, expiration dates, and verification codes (CVV/CVC), exposing patrons to potential financial fraud. The malware specifically targeted the chain's point-of-sale systems used for dine-in purchases, with delivery orders and catering transactions processed through separate unaffected channels. The company initiated an investigation upon detecting the breach but did not specify the exact discovery method or timeline for containment.

The breach impacted physical restaurant locations but excluded digital ordering platforms, limiting exposure to customers who made in-person payments during the four-month window. On the Border confirmed law enforcement collaboration but did not identify the investigating agencies or disclose whether the attackers were apprehended. No customer count or specific restaurant locations were revealed, though the company notified potentially affected individuals. Financial institutions received alerts about compromised cards to monitor for fraudulent activity. The malware's origin and intrusion vector remained undisclosed, with no public attribution to any threat actor group. Ongoing investigative efforts focused on determining the full scope of data exfiltration and reinforcing security measures for payment systems.
