Chili’s Data Breach May Affect Maryland Locations, Customers

If you dined at a Chili's Grill & Bar restaurant in March or April and paid for your meal with a credit or debit card, you may want to check your statement activity. The restaurant chain, which has more than a dozen locations in Maryland said its data was breached.

The Dallas, Texas-based chain said it learned of the incident on Friday. Officials think the breach was limited to March and April, but are continuing to assess the situation with a third-party forensics expert. The matter has also been referred to law enforcement for investigation.

"Based on the details of the issue currently uncovered, we believe that malware was used to gather payment card information including credit or debit card numbers as well as cardholder names from our payment-related systems for in-restaurant purchases at certain Chili's restaurants," Chili's parent company, Brinker International, said in a statement.

In Maryland, Chili's has these locations across the state:

• Baltimore
• Bel Air
• Bowie
• Dundalk
• Easton
• Eldersburg
• Elkton
• Frederick
• Hagerstown
• Linthicum Heights
• Salisbury
• Timonium
• Waldorf

Chili's doesn't collect information such as Social Security numbers, full dates of birth, or federal or state identification numbers, so that information wasn't compromised, the company said.

The data breach affected certain restaurants, though a full list hasn't been released. Chili's said information will be posted as it becomes available on the Brinker International website. Check back here.

(For more news like this, find your local Patch here. If you have an iPhone, click here to get the free Patch iPhone app; download the free Patch Android app here. Also, be sure to follow Patch on Facebook!)

Guests who dined at Chili's during the affected period don't need to cancel their credit or debit cards, but should check their statements for accuracy. Suspicious activity should be reported to banking and credit card companies.

Some other steps guests should consider taking include:

• Contact one of the nationwide credit-reporting agencies — Equifax, Experian or TransUnion — and ask that a fraud alert be placed on your account to alert creditors of possible fraudulent activity and also request a contact before establishing any accounts in your name. Information about how to do that is on the Brinker International website.
• Ask that a “security freeze” be placed on your credit account. That means your credit account cannot be shared with potential creditors, and can also help prevent new account identity theft.
• Watch your bills, statements and mailing lists, and frequently review all of your bank statements for checks, purchases and deductions that you did not authorize. Even if you don’t initially find suspicious activity, you should continue to monitor your statements.
• Remove your name from mailing lists of pre-approved offers of credit for approximately six months.
• Contact the Federal Trade Commission either online or by calling (877) 438-4338. If you suspect or know that you are a victim of identity theft, you can report this to the FTC’s fraud department and obtain information about fraud alerts and security freezes.
• If you think you’re an identity theft victim, contact local police or your state attorney general. The contact information for the Maryland Office of the Attorney General is: Maryland Office of the Attorney General, 200 St. Paul Place, Baltimore, MD 21202; Telephone: (888) 743-0023; website: http://www.oag.state.md.us.

Photo via Shutterstock/Jonathan Weiss