Notice of unauthorized access to or acquisition of Chili’s Grill & Bar guest data
On May 11, 2018, we learned that some of our Guests’ payment card information was compromised at certain Chili’s restaurants as the result of a data incident. Currently, we believe the data incident was limited to between March – April 2018; however, we continue to assess the scope of the incident.
We are working diligently to address this issue and immediately activated our response plan upon learning of this incident. We are working with third-party forensic experts to conduct an investigation to determine the details of what happened.
What Information Was Involved?
The investigation into this incident is ongoing; however, based on the details currently uncovered, we believe that malware was used to gather payment card information including credit or debit card numbers and cardholder names, and potentially expiration dates and CVV codes from its payment-related systems for in-restaurant purchases at certain Chili’s restaurants. Chili’s does not collect social security numbers, full date of birth, or federal or state identification numbers from Guests. Therefore, this personal information was not compromised.
What Are We Doing?
We are working with third-party forensic experts to conduct an extensive investigation to confirm the nature and scope of this incident. Law enforcement has been notified of this incident and we will continue to fully cooperate.
We are working with ID Experts® to provide Guests who may have been impacted by the incident with MyIDCare™, a free fraud resolution and credit monitoring service, which will help you resolve issues if your information is compromised. MyIDCare services include:
· 12 months of credit monitoring
· $1,000,000 insurance reimbursement policy
· Exclusive educational materials
· Fully managed identity theft recovery services
We encourage you to contact ID Experts with any questions and to enroll in free MyIDCare services by calling (888)710-8606 or going to ide.myidcare.com/ChilisDataIncident. MyIDCare experts are available Monday through Friday from 8 a.m. – 8 p.m. Eastern Time. Please note the deadline to enroll is August 15, 2018. MyIDCare representatives have been fully versed on the incident and can answer questions or concerns you may have regarding protection of your personal information.
For More Information.
If you have questions or concerns please visit brinker.mediaroom.com/ChilisDataIncident. We also have set up a dedicated call center and ID Experts website for Guests to obtain information about the incident and to enroll in credit monitoring services. The number for the call center, is (888)710-8606, and the address for the website is ide.myidcare.com/ChilisDataIncident. We are working hard to make sure these resources have the most up to date information. You also may find contact information for us at brinker.com/contact/default.html.
What You Can Do?
If you used your payment card at a Chili’s restaurant between March – April, 2018, it does not mean you were affected by this incident. However, out of an abundance of caution, in addition to taking advantage of the fraud resolution and credit monitoring services described above, we recommend that you remain vigilant and consider taking one or more of the following steps to avoid identity theft, obtain additional information, and protect your personal information.
1. Contact the nationwide credit-reporting agencies as soon as possible to:
Fraud Alert. Add a fraud alert statement to your credit file at all three national credit-reporting agencies: Equifax, Experian, and TransUnion. This statement alerts creditors of possible fraudulent activity within your report as well as requests that they contact you prior to establishing any accounts in your name. Once the fraud alert is added to your credit report, all creditors should contact you prior to establishing any account in your name. You only need to contact one of the three agencies; your request will be shared with the other two agencies. To place a 90-day fraud alert on your credit file, log into the Equifax Member Center and click on the fraud alert tab, visit www.fraudalerts.equifax.com or call the auto fraud line at 1-877-478-7625, and follow the simple prompts.
Security Freeze. Place a “security freeze” on your credit account. This means that your credit account cannot be shared with potential creditors. A security freeze can help prevent new account identity theft. If you would like to request a security freeze be placed on your account, you must write by certified or overnight mail to each of the three credit reporting agencies, or through the electronic or Internet method made available by the credit reporting agencies. Credit reporting agencies charge a $5 fee to place or remove a security freeze, unless you provide proof that you are a victim of identity theft, in which case there is no fee. Free Credit Report. Receive a free copy of your credit report by going to annualcreditreport.com.
Watch Bills, Statements and Mailing Lists. If you aren’t already doing so, please pay close attention to all bills and credit-card charges you receive for items you did not contract for or purchase. Review all of your bank account statements frequently for checks, purchases or deductions not made by you.
2. Contact the Federal Trade Commission (“FTC”) either by visiting ftc.gov, consumer.gov/idtheft, or by calling (877) 438-4338. If you suspect or know that you are the victim of identity theft, you can report this to the Fraud Department of the FTC, who will collect all information and make it available to law-enforcement agencies. You may also obtain information about fraud alerts and security freezes from the consumer reporting agencies, your state Attorney General, and the FTC. Contact information for the FTC is:
Federal Trade Commission
Consumer Response Center
600 Pennsylvania Avenue
NW Washington, DC 20580
3. If you believe you are a victim of identity theft you should immediately report same to law enforcement and/or your state attorney general. Find the Attorney General’s contact information here.