Chili’s Grill & Bar customers might still be paying for their last meals.
The restaurant chain recently suffered a data breach that compromised customers’ credit and debit card numbers and cardholder names—but it’s doing what it can to foster trust and help protect its brand reputation.
On Saturday, Brinker International—the parent company of Chili’s and Maggiano’s Little Italy—announced the incident in its newsroom. The release read, in part:
On May 11, 2018, we learned that some of our Guests’ payment card information was compromised at certain Chili’s restaurants as the result of a data incident. Currently, we believe the data incident was limited to between March – April 2018; however, we continue to assess the scope of the incident. We deeply value our relationships with our Guests and sincerely apologize to those who may have been affected.
We immediately activated our response plan upon learning of this incident. We are working with third-party forensic experts to conduct an investigation to determine the details of what happened. Below is information on how you can protect yourself and your information.
We are working diligently to address this issue and our priority will continue to be doing what is right for our Guests. We are committed to sharing additional information on this ongoing investigation with our Guests as we learn more.
The theft, according to Brinker’s analysis so far, was limited in both severity and scale. Only credit and debit card data, including customer names, was compromised—luckily, Chili’s doesn’t ask for your social security number or date of birth when they sell you a burger. The chain also says only “certain” restaurants were impacted, and only in March and April of 2018, though they are still working with security experts to evaluate the incident.
Chili’s shared its announcement on its Facebook and Twitter profiles, too:
On May 11 we learned that some of our Guests’ payment card information from certain restaurants was compromised. We value our relationship with our Guests and are committed to sharing details as we know more here: https://t.co/xWnJ1a7Auy
— Chili’s Grill & Bar (@Chilis) May 12, 2018
The restaurant chain’s social media team has been replying to customers’ tweets and Facebook replies (even though most of the answers direct consumers to its newsroom for more information).
Perhaps the restaurant has taken notes from other organizations’ data breaches: Chili’s response has been swift and thorough.
The announcement of the breach came just a day after Brinker says it discovered it, and just a few weeks after it reportedly occurred. That’s a marked improvement over some recent reactions to much more widespread data breaches, including Facebook’s decision to inform neither users nor the Federal Trade Commission about the leak of user data in the Cambridge Analytica scandal until it was discovered by reporters. While U.S. states have a patchwork of laws requiring notification of a data breach, no federal standard is in place.
In Brinker’s newsroom, the company provides an overview the incident, along with the information that was compromised and what it’s doing to investigate, inform customers and rectify the situation. The page also offers viewers a frequently asked questions section, which covers when the event occurred, whether it’s safe to currently use cards at Chili’s (it is) and advice for customers to prevent fraud.
What do you think of Chili’s crisis response?