Chili's Credit Card Data Breach

FrgMstr

FrgMstr

Just Plain Mean
Staff member
Joined
May 18, 1997
Messages
55,601
If you used your credit card at a Chili's restaurant in March or April of this year, the restaurant is stating that it is possible that your credit card information was collected by "unauthorized access." But have no fear, Chili's is working tirelessly to find out who did this. As for what is Chili's doing for you? Not a damn thing. Chili's has a list of things you can do for yourself on this page. Because as you know, this is your fault, so go deal with it. The next time you think about diningt there, you might think to yourself, "Are these ribs really that good?" Thanks cageymaru.

What Information Was Involved? Based on the details of the issue currently uncovered, we believe that malware was used to gather payment card information including credit or debit card numbers as well as cardholder names from our payment-related systems for in-restaurant purchases at certain Chili’s restaurants. Currently, we believe the data incident was limited to between March – April 2018; however, we continue to assess the scope of the incident.

Chili’s does not collect certain personal information (such as social security number, full date of birth, or federal or state identification number) from Guests. Therefore, this personal information was not compromised.
Click to expand...
 
i really wish pci dss was enforced for everyone. Would love to see these places not able to accept credit cards for 3-5 years after one of these breaches.
 
I'll never eat at another Chili's since they refused to serve me alcohol one time due to having an out of state drivers license. Back in 04 or something.

I actually had this expression on my face.

giphy.gif
 
Haven't been to Chili's in years. No plans to..

Safest way to buy things at merchants is with their own gift cards, assuming you use the gift card all in one shot.

In other news, when are we doing OTP for cc transactions?
 
Considering the frequency at which this stuff is happening there should be a site with ongoing lists of these places. Anyone know of one?
 
  • Like
Reactions: haste
like this
Years ago I worked at Brinker as my first real job in Dallas doing help desk work...

What I find surprising, and what everyone should find surprising, is that they use the Radiant Aloha POS along with Radiant hardware which is used by damn near every restaurant. Data breaches are abound these days, but if I had to guess, we may be hearing more of this stuff from other restaurants that use Radiant hardware/software.
 
lostin3d said:
Considering the frequency at which this stuff is happening there should be a site with ongoing lists of these places. Anyone know of one?
Click to expand...

Probably a far shorter list for the ones not yet breached.

Once again, the safety, security and anonymity of cash is highlighted.
 
As for what is Chili's doing for you? Not a damn thing
Click to expand...
Unfortunately the status quo for data breaches, it's all about the company saving face and MAYBE (but not likely) actively trying to fix the holes (as long as it doesn't cost too much). Meanwhile it's up to you to deal with all the problems that may come about from identity theft.
 
  • Like
Reactions: mord
like this
timberwolf said:
No. The ribs are not that good. This place has been shit for years.
Click to expand...


Has the place ever not been shit?

As lobg as I have been familiar with them both Chili's and Applebee's (is there really a difference?) have posited as a low cost chain restaurants, or in other words garbage.

I can microwave my own food.

An easy way to judge restaurants:

- 1 location: Could be anywhere from absolute shit to Michelin 3 star glory. Only one way to find out.

- 2 - 4 locations: People really like them, so they have been expanding, thus they are probably not terroble, but on the other hand may have lost some of their magic as they have been expanding, so are probably no oinger amazibg either.

5+ locations: This place is either franchised or expanded through corporate mediocrity. Everything has been sacrificed in favor of cost cutting and efficiency. Expect an experience much like a school cafeteria.
 
Zarathustra[H] said:
Has the place ever not been shit?

As lobg as I have been familiar with them both Chili's and Applebee's (is there really a difference?) have posited as a low cost chain restaurants, or in other words garbage.

I can microwave my own food.

An easy way to judge restaurants:

- 1 location: Could be anywhere from absolute shit to Michelin 3 star glory. Only one way to find out.

- 2 - 4 locations: People really like them, so they have been expanding, thus they are probably not terroble, but on the other hand may have lost some of their magic as they have been expanding, so are probably no oinger amazibg either.

5+ locations: This place is either franchised or expanded through corporate mediocrity. Everything has been sacrificed in favor of cost cutting and efficiency. Expect an experience much like a school cafeteria.
Click to expand...


the flip side is that with a chain, you can count on something to taste like you know or expect. which is useful at times when you are traveling all over and simply want some food


generally when me and the wife travel we like to try local places.. but times.. you just want a hamburger or such.. and Mcchain food is appealing for a quick bite
 
lostin3d said:
Considering the frequency at which this stuff is happening there should be a site with ongoing lists of these places. Anyone know of one?
Click to expand...


there is a site called

haveibeenhacked.com

when you go there, you dont need to enter any info and it simply says


YES!!

 
katanaD said:
there is a site called

haveibeenhacked.com

when you go there, you dont need to enter any info and it simply says


YES!!
Click to expand...
Just go there and type in your credit card and SS number so they can check to see if you have been hacked. While your at it, have your GF upload nudes so they can block them from being shared.
 
Zarathustra[H] said:
Has the place ever not been shit?

As lobg as I have been familiar with them both Chili's and Applebee's (is there really a difference?) have posited as a low cost chain restaurants, or in other words garbage.
Click to expand...
Yeah basically, they have their place like any other franchise restaurant. Are they better than "fast food" (McDonalds, BK, Taco Bell, etc) sure, but yeah but them into the same category as any restaurant that has too many damn things on a menu and doesn't seem to have a particular focus other than "Americana Dining"
 
if you used a credit card i really would not care if someone has my card number as all i do is replace my card, if i had used a debit card (i guess bank card USA) then yes that be an issue

it would really help if USA would transition to EMV and contactless over the next 6 years, (propper EMV as in chip and pin not the half measure chip and sign) but even chip and sign would prevent card details been leaked as EMV gives you a one time token not useable card details
 
Dead Parrot said:
Probably a far shorter list for the ones not yet breached.

Once again, the safety, security and anonymity of cash is highlighted.
Click to expand...
There could be a list of companies not hacked yet.

And then that list would become a hitlist for people looking to fuck around with it.
 
Last edited:
Jim Kim said:
There is this for websites https://haveibeenpwned.com/PwnedWebsites
If only there was a Consumer Protection Agency that could track these things along with their other mandates. oh wait https://www.npr.org/2018/02/12/584980698/trump-administration-to-defang-consumer-protection-watchdog
Click to expand...

Only in this insane timeline could we have a CFPB that protects corporate interests instead of consumer ones. Like the EPA they are headed by swamplords who, previous to their current position, fought tooth and nail against the agencies they are now heading.
 
Zarathustra[H] said:
Has the place ever not been shit?

As lobg as I have been familiar with them both Chili's and Applebee's (is there really a difference?) have posited as a low cost chain restaurants, or in other words garbage.

I can microwave my own food.
Click to expand...
My sister used to work at a Chili's in the 90's and it was definitely a step above Applebee's (not that that is saying much). It was equivalent to other common chains like TGI Fridays and Ruby Tuesdays. Not that I would choose to eat at any of the above unless I was starving and there wasn't a better alternative.
 
likeman said:
if you used a credit card i really would not care if someone has my card number as all i do is replace my card, if i had used a debit card (i guess bank card USA) then yes that be an issue

it would really help if USA would transition to EMV and contactless over the next 6 years, (propper EMV as in chip and pin not the half measure chip and sign) but even chip and sign would prevent card details been leaked as EMV gives you a one time token not useable card details
Click to expand...


We don't even have that half measure in the US. What we do have is nothing but magstripe++. Flip the right bits in stripe, and you have an old fashioned unchipped card that'll still work in every PoS location in the country.
 
Haven't been to Chili's for literally a decade (poor high school student budget).
 
likeman said:
it would really help if USA would transition to EMV and contactless over the next 6 years, (propper EMV as in chip and pin not the half measure chip and sign) but even chip and sign would prevent card details been leaked as EMV gives you a one time token not useable card details
Click to expand...

I worked for a restaurant holding company around the time of the EMV 'cutover' date. At this company, it was determined that it would be far cheaper to pay the non-compliant fine per month, 30K to the company for being non-EMV, than it was to fully convert all aspects of the Point-of-sale and back office server equipment to handle an EMV compliant payment system. I believe they roadmapped about 2 years worth of paying the fines before it would even begin to make sense to do a full EMV conversion. I don't work for them anymore and I don't think they use EMV to this day.

PCI regulations can't stop these companies from thinking about their bottom line before the safety of their customers' data.
 
They used to have their own beer called Rusty's - I used to like it. This was over 20 years ago so take it with a grain of salt. I don't like their food anymore - not good.
 
Shithole restaurant loses shithole customer data. Not surprising.
 
Haste266 said:
Who the fuck eats at Chili's?
Click to expand...
Haha, you know I used to feel the same way as you and others on this thread but I love the damn place now. Cheap beer, cheap food. Maybe I'm drinking the beers too quickly, but I've never eaten anything bad there :)

I refuse to eat at applebees though.
 
I ate at Chili's once sometime last decade and never since. I guess that everyone else did as well as another restaurant is now in the building. Hell I couldn't even tell you where another Chili's is even located in my area without Googling it.
 
katanaD said:
the flip side is that with a chain, you can count on something to taste like you know or expect. which is useful at times when you are traveling all over and simply want some food


generally when me and the wife travel we like to try local places.. but times.. you just want a hamburger or such.. and Mcchain food is appealing for a quick bite
Click to expand...
That is an odd thing to do when traveling. Never eat chain... only "chain" we've eaten at in the last 20-30 trips is a few times at margaritaville at the Cancun airport for a drink and some gauc waiting for flights. Never eat chain unless literally 0 other options no matter how familiar... unless quick sandwich for a work lunch of course.
 
Sonicks said:
I worked for a restaurant holding company around the time of the EMV 'cutover' date. At this company, it was determined that it would be far cheaper to pay the non-compliant fine per month, 30K to the company for being non-EMV, than it was to fully convert all aspects of the Point-of-sale and back office server equipment to handle an EMV compliant payment system. I believe they roadmapped about 2 years worth of paying the fines before it would even begin to make sense to do a full EMV conversion. I don't work for them anymore and I don't think they use EMV to this day.

PCI regulations can't stop these companies from thinking about their bottom line before the safety of their customers' data.
Click to expand...
Are you referring to the liability shift? I've been working management in Fi's prior to the idea of EMV and have never heard of fines. Sure many organizations calculated losses for being the liable party and held off to adopt emv compliant POS or plastics (merchant vs FI) but never fines...
 
You must log in or register to reply here.
Back
Top