Slashdot Mirror
Card Breach Announced at Chili's Restaurant Chain (bleepingcomputer.com)
Catalin Cimpanu, reporting for BleepingComputer: Malware has harvested payment card details from some Chili's restaurants, Brinker International, the company behind the restaurant chain announced on Friday. Brinker says it detected the malware on Friday, May 11, the same day it made the announcement. The company said it is still investigating the incident together with law enforcement and third-party forensic experts. Based on the current details it was able to gather, the company said the malware appears to have infected some of its payment systems from where it gathered credit or debit card numbers and cardholder names.
Solution ... don't eat at Chili's. It's not like you'll really miss crappy fake "Tex Mex" food heated in a microwave. If you really need this cr@p, pay with good, old-fashioned, cash or a pre-paid card.
I don't like it when companies spend months before making an announcement, but making a public announcement the SAME DAY it's first discovered is surprising. It takes time to investigate and see if it's only an attacker in a certain city hitting nearby restaurants (such as over their wifi on no-table kiosks) or if it's very widespread. Chili's is a franchise, so there are many different companies running Chili's branded restaurants and they probably have separate payment systems.
It also takes time for the technical people, executives, lawyer, and PR people to talk and make sure the public statement says the right things - that it's accurate and doesn't unnecessarily implicate Chili's in something that may be just one franchisee, for example. Getting the statement out the same day it was discovered is surprising.
I'm glad to see they've already brought in third-party experts. In-house people may want to cover their own ass, or cover their friend's ass, or likely simply don't specialize in computer forensics and investigations, so calling in third-party experts is a really good idea.