Guests who visited certain Chili’s units during March or April may have had their credit-card information stolen, the casual-dining chain revealed over the weekend.
The Brinker International chain said it is still assessing how many customers may have had their data swiped. It also acknowledged that the period of vulnerability may be longer than initially indicated.
“We are working with third-party forensic experts to conduct a thorough investigation to determine the details of what happened,” the chain said in a statement. “Law enforcement has been notified of this incident and we will continue to fully cooperate.”
The statement was issued on May 12. Chili’s said it learned of the breach at company-operated stores on May 11.
Headquarters said it believes the data theft was the result of malware being introduced into the payment system of company stores.