Newsroom
Data breach hits Chili's restaurants, investigation ongoing
Some Chili's Grill & Bar restaurants were impacted by a data breach between March and April this year, compromising customers' credit and debit card information. NAFCU continues to call on Congress to instate national data security standards – akin to those followed by credit unions – in an effort to curb future breaches.
In its notice of the breach, Chili's parent company Brinker International said it became aware of the breach on May 11. It confirmed that some customers' credit and debit card numbers and cardholder names had been compromised, but other personal information such as Social Security Numbers or full birthdates, which are not collected by the company, are not at risk.
Brinker has not said how many customers or which locations were impacted by the breach, but it continues to work with third-party forensic experts to determine the scope of the incident. Initial findings point to malware used to collect the information.
The company's breach notification includes details known so far, as well as tips for consumers to protect their potentially compromised financial information. Brinker said it will update the page as more information is available.
NAFCU has been active with lawmakers since the massive 2013 Target data breach stressing the need for a legislative solution to reform the nation's data security system.
Currently, NAFCU-sought draft legislation is being worked on by House Financial Services Subcommittee Chairman Blaine Luetkemeyer, R-Mo., and Rep. Carolyn Maloney, D-N.Y. The draft bill builds on provisions from the Data Security Act of 2015, which would have created a strong national data security standard for retailers, held them accountable for breaches on their end and recognized credit unions' compliance with the Gramm-Leach-Bliley Act.
NAFCU remains a leading advocate on this issue and is working to ensure that all entities that hold or collect consumers' personal financial information are held to similar standards as credit unions. Credit unions can contact their lawmakers on the data security issue through NAFCU's Grassroots Action Center.