Instead of baby back ribs, Chili's customers may be crooning about wanting their data back. The restaurant chain's parent recently announced a credit and debit card data breach at some of its locations.
On May 11 we learned that some of our Guests’ payment card information from certain restaurants was compromised. We value our relationship with our Guests and are committed to sharing details as we know more here: https://t.co/xWnJ1a7Auy— Chili's Grill & Bar (@Chilis) May 12, 2018
Here's What Happened
On May 12, Brinker International, the company that operates the chain of casual Tex-Mex restaurants with more than 1,600 locations worldwide, issued a statement indicating that customer "payment card information was compromised at certain Chili's restaurants as the result of a data incident."
Internal investigators believe that identity thieves employed malware to collect credit and debit card numbers, as well as cardholder names, from in-store payment systems at an unspecified number of Chili's restaurants between March and April 2018. No other personal data was exposed.
"We sincerely apologize to those who may have been affected and assure you we are working diligently to resolve this incident," read a statement issued by Brinker International.
The company has not yet released a list specifying which locations were affected by the breach but says that it has enlisted third-party forensic experts to investigate the incident to determine what specifically happened, who was behind the attack, and how many customers have been impacted. Brinker International says they are cooperating with law enforcement officials, as well.
What to Do If You've Dined At Chili's
While the company says the breach was limited to March and April 2018, it's possible the breach could have extended beyond those dates. If you have dined at a Chili's restaurant in the last year and paid with a credit or debit card, you'll want to take steps to protect yourself.
1. Get a New Credit or Debit Card
An easy step to take is to simply cancel the current number on your credit or debit card. Call the issuer and explain that you would like a new card with a new number and PIN; they will send you an updated one at no charge. Some banks will issue new cards automatically if they know they have been part of a breach, but you have a right to request a new one at any time if they don't. (Don't delay—this information can be sold and used quickly on the dark web.)
2. Keep an Eye on the Activity on Your Accounts
You should also monitor your card's activity, especially if you don't change the number. It's a good idea to be vigilant about how all your credit and debit cards are being used. Set up text or email alerts sending you a message whenever your card is used, and go back through your recent statements to check for any suspicious activity.
Report any suspicious or fraudulent charges immediately. You aren't liable for fraudulent credit card transactions, but if you wait too long to report a fraudulent debit card charge, you could be on the hook for up to $500
3. Change Your Passwords
You'll want to update the passwords on the online accounts for your credit and debit cards. While that information was not exposed in this breach, identity thieves with access to your card numbers could also figure out a way into your online accounts.
4. Monitor Your Credit
While this breach is only known to have affected specific credit and debit card accounts, the reality is that in an age of data breaches, it's smart to remain vigilant about monitoring your credit reports for inquiries or new accounts that may be the result of fraudsters trying to get to your identity.
If you're worried about fraud, file a free initial security alert that is active on your account for 90 days at the Experian fraud center. (The bureaus are legally required to share such alerts with the other two counterparts, so you don't need to file it with all three.) Such an alert notifies lenders pulling your credit to take extra steps to verify your identity, which can flummox identity thieves. However, it does not block access to your credit report altogether.
For the most protection, you might consider freezing your credit reports, which will prevent lenders from extending new credit in your name altogether. Credit freezes typically cost $10, though they can be up to $20. (Remember, you also have to pay to unfreeze your credit if you need to apply for credit in your name, as well.) For more information on what to do if your credit or debit card has been part of a data breach, visit our complete guide at Experian.com.
Want to instantly increase your credit score? Experian Boost™ helps by giving you credit for the utility and mobile phone bills you're already paying. Until now, those payments did not positively impact your score.
This service is completely free and can boost your credit scores fast by using your own positive payment history. It can also help those with poor or limited credit situations. Other services such as credit repair may cost you up to thousands and only help remove inaccuracies from your credit report.