US-based casual dining chain Chili’s Grill & Bar has reported a data incident at its corporate-owned restaurants resulting in a leak of payment card information of some customers.

The incident, which is believed to have occurred between March and April this year, was identified by the company on 11 May this year.

Currently, the restaurant chain has hired third-party forensic experts to conduct a thorough investigation to understand the details of the incident.

According to the company, a malware was used for the data breach on its payment-related systems to collect payment card information such as credit or debit card numbers and cardholder names used for in-restaurant purchases.

The company has also notified law enforcement of the incident and will continue to fully cooperate with them throughout the investigation process.

In addition, the restaurant chain is planning to offer fraud resolution and credit monitoring services for customers affected by this incident and will display the information regarding this on its website.

Chili’s Grill & Bar, a brand of Dallas-based Brinker International, currently operates more than 1,600 locations in 31 countries and two territories.

Menu items offered by the restaurant chain include burgers, ribs and fajitas in various flavours.

Ryan Wilk, vice president at NuData Security, a Mastercard company, commented: “Brinker proves to be taking their customer’s online security seriously by reporting the breach incident on the very same day it was discovered so that customers can take action and secure their information right away – by monitoring their credit or freezing it if required.

“Stolen data, whether it is from this breach or the myriad of breaches in the last years, puts companies and their customers at risk. Companies are starting to implement multi-layered solutions to verify their users based on other parameters in addition to usernames, credit card numbers or passwords. Technology such as passive biometrics and behavioural analytics is able to verify a user based on how they behave online, so that even if the right credentials or payment details are presented a fraudulent transaction can be blocked before it goes through.”