On The Border Mexican Grill & Cantina is warning customers who paid with a charge or credit card during the summer that some of their personal data may have been swiped by hackers.
An alert posted on the chain’s website says the breach apparently occurred between April 10 and Aug. 10 at company stores in 27 states. On The Border did not reveal how many customers may have been affected.
It stressed that not all corporate units were targeted by the hackers, and franchised restaurants were not affected. Nor did the breach involve payments made with a card for catering orders.
“On November 14, 2019, we determined that some of our guests’ payment card information was accessed through malware installed on a payment processing system,” On The Border said in the alert.
The chain said it has retained “a leading forensics firm” and is cooperating with authorities involved the investigation.
The swiped information may have included patrons’ names, credit card numbers, credit card expiration dates and the security codes that are printed on the cards for verification.
It stressed that delivery orders placed through third-party services were processed outside of the chain’s systems and so were not at risk of being hacked.
The restaurants affected by the security violation are located in Arizona, Arkansas, Colorado, Connecticut, Florida, Georgia, Illinois, Indiana, Iowa, Kansas, Maine, Maryland, Massachusetts, Michigan, Mississippi, Missouri, New Jersey, New York, North Carolina, Ohio, Oklahoma, Pennsylvania, Rhode Island, South Carolina, Tennessee, Texas and Virginia.
The data breach was the second extraordinary development for On The Border in a week. A few days ago, the chain agreed to pay $100,000 to a cook at a New York unit who alleged he was subject to repeated racial slurs. The settlement resolved a lawsuit that was filed against the brand by the U.S. Equal Employment Opportunity Commission.