Chili’s Data Breach

May 15, 2018 | Blog

I thought I had a bad weekend. Then I heard about the Chili’s Data Breach.

Turns out Brinker International had issues that far outweigh the problems from sleeping on a 10-year-old mattress. The parent company of the Dallas-based Chili’s Bar & Grill said it learned of a data breach on Friday that included payment card information possibly being compromised between March and April of this year.

Brinker International responds to the Chili’s data breach

According to a press release on Brinker International’s website, the company said the following:

Based on the details of the issue currently uncovered, we believe that malware was used to gather payment card information including credit or debit card numbers as well as cardholder names from our payment-related systems for in-restaurant purchases at certain Chili’s restaurants. Currently, we believe the data incident was limited to between March – April 2018; however, we continue to assess the scope of the incident.

Chili’s does not collect certain personal information (such as social security number, full date of birth, or federal or state identification number) from Guests. Therefore, this personal information was not compromised.

Brinker apologized to those who may be affected and said it is working with third-party forensic experts to investigate. “We sincerely apologize to those who may have been affected and assure you we are working diligently to resolve this incident,” Brinker said in a written statement on its website.

Additional information about the breach can be found on the Brinker International site.

Brinker International shares so far are down 0.87% as a result.

Upon further investigation, I found that Brinker International recently brought on a company called Red Hat solutions to offer support for its guests across its mobile app, website, in-restaurant table kiosks, and curbside dining. By using Red Hat solutions, according to their website, “Brinker built a unified e-commerce environment to support faster development and deployment, scale to meet peak traffic demands, and ensure the protection of guest data.”

Red Hat published a Brinker International case study shortly thereafter and stated that, “This is a guest-facing platform that takes credit card transactions, so it’s got to be highly secure… with a Red Hat-based container, we know it’s from a trusted partner and know it meets all PCI [Payment Card Industry] requirements, while letting developers and other internal users to spin up environments quickly.”

Could the Chili’s data breach have been prevented?

Not to place blame, and this is highly speculative, but did Brinker International or Chili’s themselves drop the ball by not fully utilizing its tools? With Red Hat meeting the requirements of PCI compliance, did Brinker or Chili’s overlook something? Too many false positives? How vulnerable were they? Was payment information shared and stored somewhere it shouldn’t have been? Obviously without any information provided from the forensic investigation, it’s all speculation at this point. But it just goes to show how important it is to have all of your ducks in a row. There is no substitute for having your I’s dotted and your T’s crossed when it comes to data protection. I’m sure there’s another cliché I could come up with, but I think you get the point.

Data breaches have been all too common in today’s cybersphere. A series of notable ― and massive ― data breaches occurred last year. Equifax, Uber, the Dallas emergency siren network and state election systems were just a few of the targets of successful hacks.

FBI Program Tasked with Infrastructure Security Compromised

FBI Program Tasked with Infrastructure Security Compromised

The FBI program tasked with ensuring critical infrastructure security has been compromised by hackers, who now offer access to the program's data on the dark web. The breach was initially disclosed by Brian Krebs of Krebs on Security, who claims that the data was for...

Streamline Your Business with the Latest Smart Home Technology

Streamline Your Business with the Latest Smart Home Technology

Are you a business owner looking to get the most out of your Google smart home devices? If so, you're in luck! Google has enabled its Nest products and Android OS with the initial rollout of the Matter smart home standard. This means that businesses now have the...

Data Breach at Sequoia One Exposes Sensitive Customer Information

Data Breach at Sequoia One Exposes Sensitive Customer Information

What do you do when your most personal information has been compromised? This is likely the question that customers of Sequoia One asked themselves earlier this month as they were informed that the company had been hacked. Sequoia One specializes in the management of...

Cisco Reports Critical IP Phone Vulnerability

Cisco Reports Critical IP Phone Vulnerability

As a business owner, it's important to stay informed about potential vulnerabilities that could impact your organization. Recently, Cisco reported a critical vulnerability, tracked as CVE-2022-20968, affecting its IP Phone 7800 and 8800 Series. This new vulnerability...

Google Chrome Releases Two New Features

Google Chrome Releases Two New Features

Google Chrome is one of the more commonly used web browsers. Over the years, though, Chrome has gained a reputation for utilizing a large portion of a computer's memory. This can be a problem if you're running other resource-intensive tasks and don't want to slow...

Get a Free Consultation


Fill out the form below to receive a free consultation and learn how we can make your technology worry-free!


Contact Information

  • 39301 Badger Street, Suite 500
    Palm Desert, CA 9221
  • (760) 333-8523