Card Breach Announced at Chili's Restaurant Chain
Catalin Cimpanu, reporting for BleepingComputer: Malware has harvested payment card details from some Chili's restaurants, Brinker International, the company behind the restaurant chain announced on Friday. Brinker says it detected the malware on Friday, May 11, the same day it made the announcement. The company said it is still investigating the incident together with law enforcement and third-party forensic experts. Based on the current details it was able to gather, the company said the malware appears to have infected some of its payment systems from where it gathered credit or debit card numbers and cardholder names.
I've lived in the Seattle since I was born almost 63 years ago, and I have never found a restaurant that is spicy. Even I have to specify that I want something "Indian spicy" but still don't get it spicy. The closest I've some to getting something even near as spicy as I want was when I asked for that with three Indian friends that all told the waitress that I meant that. It sill wasn't as spicy as their meals.
Solution
Solution
... don't eat at Chili's.
Better solution: Fix the idiotic CC system the requires the same information to be both widely known and secret.
wouldn't be easier?
Wonder if the koisks were the security breach. (Score:5, Interesting)
Chili's has those stupid at-table tablet kiosks that allow you to order things and pay your bill yourself.
In the current climate of card skimming devices being installed by criminals at ATMs and gas pumps -- consider that.
A portable, wireless, card reading device that is being left unsupervised for long periods of time, and the customer is being encouraged to use by the staff.
Yeah announcing it the same day. Third party help
I don't like it when companies spend months before making an announcement, but making a public announcement the SAME DAY it's first discovered is surprising. It takes time to investigate and see if it's only an attacker in a certain city hitting nearby restaurants (such as over their wifi on no-table kiosks) or if it's very widespread. Chili's is a franchise, so there are many different companies running Chili's branded restaurants and they probably have separate payment systems.
It also takes time for the technical people, executives, lawyer, and PR people to talk and make sure the public statement says the right things - that it's accurate and doesn't unnecessarily implicate Chili's in something that may be just one franchisee, for example. Getting the statement out the same day it was discovered is surprising.
I'm glad to see they've already brought in third-party experts. In-house people may want to cover their own ass, or cover their friend's ass, or likely simply don't specialize in computer forensics and investigations, so calling in third-party experts is a really good idea.
I only ever get cash out of ATMs physically located inside banks
You forgot to mention how you gave your bank account number to your employer to direct deposit your pay, your employer outsourced direct deposit to the cheapest service, and as soon as the direct deposit service company gets compromised, your bank account will be empty.
Did they hack the Pay at Table Tablets? (Score:2)
Did they hack the Pay at Table Tablets?
