Payment info exposed in Chili’s ‘data incident’

The chain's parent company says hackers may have used malware to steal some customers' payment information.

Your baby back ribs may have come with a side of credit card theft.

Chili’s Grill & Bar customers might have had their payment information exposed at certain restaurants, the casual dining chain’s parent company, Brinker International, disclosed on May 12, a day after learning of a “data incident.”

Brinker said it learned on May 11 that payment card information was compromised at some Chili’s locations. The incident that exposed the information was likely limited to March and April 2018, the company said, but it continues to “assess the scope” of what happened.

“We deeply value our relationships with our Guests and sincerely apologize to those who may have been affected,” Brinker said in a statement.


The company set up a website to provide updates as it learns more about the breach.

Brinker says it believes that hackers used malware to capture payment information from “payment-related systems” for in-store transactions at certain Chili’s locations.

The affected information includes credit or debit card numbers along with cardholder names. The company did not specify which of its locations were compromised or how many patrons were affected.

“We immediately activated our response plan upon learning of this incident,” Brinker said.


The company said that it has brought in third-party forensics experts to investigate the incident further and is cooperating with law enforcement.

Brinker says it is planning to offer fraud resolution and credit monitoring services to affected customers. It insists that it’s safe to use credit or debit cards at Chili’s moving forward but recommends that customers monitor their accounts to check for suspicious activity.

Latest Podcasts