Latest retail data breach as Chili’s announces

Chili’s is just the latest in a long string of popular retailers to announce that customer data has been compromised as a result of malware-infected point-of-sale (POS) systems. Reported to have taken place during March and April 2018, the company has been relatively mum on the specifics of the breach so far, possibly because they are still working to unpack the details of the attack internally.The speed with which Chili’s alerted the press to the incident is one of the more noteworthy aspects of this otherwise disturbingly common type of headline. News like this has historically only come to light many months – or even years – after the incident takes place. Chili’s, on the other hand, reportedly discovered the incident on May 11 and had a press statement ready the following Monday, May 15.Chili’s told the press that they were currently working with forensic experts to get a firm grasp on the true scope of the incident, likely to avoid broadcasting misinformation that would require ongoing public corrections– one of the many damning aspects of the headline-grabbing Equifax breach, which continues to grab headlines on a near-weekly basis.While the Equifax breach continues to haunt the company as more details come to light, one of the initial common outrages among the victims of that incident was that Equifax had withheld announcing the incidents until several months after the breach was discovered internally. While both the nature and scope of the Equifax incident is likely wildly out-of-scale to what will come out of the Chili’s attack, by being proactive in alerting customers to the potential that they were compromised, Chili’s gave the public a chance to start immediately looking into their security posture and transaction histories while details are ironed out.

That isn’t to say Chili’s deserves commendation for alerting their customers sooner than Equifax did. In fact, were the company subject to the upcoming General Data Protection Regulation (GDPR) from the EU that goes into effect on May 25, they would have needed to alert affected parties within 72 hours of the incident being discovered or be privy to major financial penalties.

By shedding light on the breach the first business day after discovery, Chili’s demonstrated that, at the very least, they are doing their best to be as transparent as possible within the constraints of upcoming regulation – something businesses of all stripes should be striving for.

As more details of the attack come to light in the coming days and weeks, we’ll unpack the nature of the breach and what similar brands can do to prevent major data theft from crippling their operations.

In the meantime, read our whitepaper, “The Future of Retail,” to learn more about the changing face of retail and how a more connected future will require the industry to overhaul cybersecurity broadly.