Brinker International (the parent company of the Chili's restaurant chain) formally announced that on May 11, they discovered malware on an undisclosed number of their point of sales terminals. Details are sketchy at this point, because the investigation is still ongoing, but the company had the following to say about the incident:
"If you used your payment card at a Chili's restaurant between March and April 2018, it does not mean you were affected by this incident. However, out of an abundance of caution, we recommend that you remain vigilant and consider taking one or more steps to avoid identity theft, obtain additional information, and protect your personal information."
Among other things, the company is recommending that all customers who have dined at a Chili's restaurant during the period when the malware was active should contact one of the national credit reporting agencies and set up a fraud alert or a security freeze. You should, of course, also closely monitor the payment card you used, to be sure that you recognize all of the charges hitting that particular payment card.
At this point, it is unknown exactly how many Chili's locations were impacted, nor exactly how many customer records were compromised. It could be weeks, or even months before we have those details, so the company's recommendation is a good one.
So far, Brinker's handling of the aftermath of the issue has been exemplary, and based on that, we have every reason to expect that they'll continue to handle well to its conclusion. The problem is that we keep seeing successful breaches like this because the hackers are changing their tactics more quickly than company IT resources can adapt and respond to. Until and unless that changes, we'll be treated to more reports like this.