Coming to us in recent cyber security news is the data breach affiliated with Chili’s. The southwestern themed restaurant has been attacked by malware and has announced this as of May 11th. Customer payment information is the data sought and stolen in this data breach.#News: Chili's - the southwestern themed restaurant has been attacked by #malware and has announced this as of May 11th. Click To Tweet
The parent company of Chili’s – Brinker International – announced the data breach on May 12th and stated that it “may have resulted in unauthorized access or acquisition of [customer] payment card data.”
The scope of the data breach is believed to have been between March and April. The customer pool affected and exact breach dates remains unknown as a cyber forensic team is currently assessing the security incident. Law enforcement agencies have also been called upon for further investigation efforts. To be on the safe side, Chili’s is highly recommending anyone who made a purchase at the restaurant to contact nationwide credit reporting in order to further protect themselves. More information surrounding this breach will be released as it is uncovered by investigation efforts.
The malware positioned at the root cause of this incident gained unauthorized access to Chili’s PoS (point of sale) system. Once inside the PoS system, credit and debit numbers were scraped from cards as well as the corresponding cardholder names. No further information is suspected to have been breached as Chili’s does not collect anything outside of customer payment information. The cards stolen were related to purchases made within the restaurant. The breach has now been ceased and Chili’s states there is no reason to believe that dining at its restaurant puts anyone at risk at this time.
News of this breach comes at the same time as the American restaurant branch has been experiencing decreasing sales prior to the breach. Security incidents not only cause damage to consumers but also to the reputation, integrity and overall image of the company; further prompting the need for capable data loss prevention software and tactics.
Tactics on Active Prevention Methods
According to Business Insider:
“the key to effective risk management of cyber security is the ability to assess, measure, monitor and control the risk.”
Via a monitoring software that practices DLP (data loss prevention) an organization may be able to take notice of any unusual actions and receive alerts. Additionally, as Chili’s has brought in a cyber forensics teams to analyze the incident – an organization can achieve similar results by utilizing software that captures and records data in motion or at rest. All actions (including what user made them) and locations to the given data is also monitored and recorded. The data can be catalogued and reviewed to should an incident occur. The software at hand can also aid in trimming down lag time, allowing for recovery efforts to quickly commence. Click below to learn more about Teramind.