On The Border reports a data breach

Patrons of company stores in 27 states may have had personal data stolen, the chain warned.
Photograph: Shutterstock

On The Border Mexican Grill & Cantina is warning customers who paid with a charge or credit card during the summer that some of their personal data may have been swiped by hackers.

An alert posted on the chain’s website says the breach apparently occurred between April 10 and Aug. 10 at company stores in 27 states. On The Border did not reveal how many customers may have been affected.

It stressed that not all corporate units were targeted by the hackers, and franchised restaurants were not affected. Nor did the breach involve payments made with a card for catering orders. 

On November 14, 2019, we determined that some of our guests’ payment card information was accessed through malware installed on a payment processing system,” On The Border said in the alert.

The chain said it has retained “a leading forensics firm” and is cooperating with authorities involved the investigation.

The swiped information may have included patrons’ names, credit card numbers, credit card expiration dates and the security codes that are printed on the cards for verification. 

It stressed that delivery orders placed through third-party services were processed outside of the chain’s systems and so were not at risk of being hacked. 

The restaurants affected by the security violation are located in Arizona, Arkansas, Colorado, Connecticut, Florida, Georgia, Illinois, Indiana, Iowa, Kansas, Maine, Maryland, Massachusetts, Michigan, Mississippi, Missouri, New Jersey, New York, North Carolina, Ohio, Oklahoma, Pennsylvania, Rhode Island, South Carolina, Tennessee, Texas and Virginia.

The data breach was the second extraordinary development for On The Border in a week. A few days ago, the chain agreed to pay $100,000 to a cook at a New York unit who alleged he was subject to repeated racial slurs. The settlement resolved a lawsuit that was filed against the brand by the U.S. Equal Employment Opportunity Commission. 

Members help make our journalism possible. Become a Restaurant Business member today and unlock exclusive benefits, including unlimited access to all of our content. Sign up here.


Exclusive Content


Reassessing McDonald's tech deals from 2019

The Bottom Line: The fast-food giant’s decision to end its drive-thru AI test with IBM is the latest pullback away from a pair of technology acquisitions it made five years ago.


Trend or fad? These restaurant currents could go either way

Reality Check: A number of ripples were evident in the business during the first half of the year. The question is, do they have staying power?


Starbucks' value offer is a bad idea

The Bottom Line: It’s not entirely clear that price is the reason Starbucks is losing traffic. If it isn’t, the company’s new value offer could backfire.


More from our partners