Cyber Incident Victim: Chili's

In March and April 2018, Chili’s Grill & Bar experienced a data breach affecting payment systems at an unspecified number of its restaurants. Parent company Brinker International publicly disclosed the incident on May 11, 2018, after discovering unauthorized access to credit and debit card information. Attackers deployed malware designed to harvest payment card data from Chili’s point-of-sale systems during in-restaurant transactions. The compromised data included card numbers and cardholder names but excluded more sensitive personal identifiers such as Social Security numbers, full dates of birth, or state ID numbers, which Chili’s did not collect. The breach timeline spanned approximately two months before detection, though the exact intrusion start date and duration per location remained under investigation. Brinker did not release a list of affected restaurants or confirm the total number of potentially compromised cards at the time of disclosure.

Brinker International immediately notified law enforcement and initiated a coordinated response upon identifying the breach. The company issued public assurances that it was working to resolve the incident and apologized to potentially affected customers. Forensic investigators focused on determining the malware’s scope and operational impact across Chili’s network. Brinker pledged to provide fraud resolution assistance and complimentary credit monitoring services to impacted guests, though enrollment details and eligibility criteria were pending further investigation. Internal efforts prioritized securing payment systems and preventing recurring incidents while cooperating with external cybersecurity experts. The breach’s full customer impact and precise attack vector remained undetermined at the time of the May 11 disclosure, with Brinker committing to ongoing updates as the investigation progressed.