The parent company of Chili’s Bar & Grill restaurants nationwide is the defendant in a proposed class action lawsuit filed in the fallout of a data breach that spanned March and April 2018 and was disclosed publicly by defendant Brinker International, Inc. on May 12, 2018. According to the 63-page lawsuit, Brinker International should be held accountable not only for the data breach itself, but for allegedly failing to provide “timely, accurate and adequate” notice to customers that their sensitive data had been stolen.
The lawsuit says Brinker acknowledged on May 12 that Chili’s customers who engaged in payment card transactions at certain restaurants nationwide between March and April had their data stolen via malware. The plaintiff argues that the breach was wholly preventable, given the frequency with which cybercrimes have happened at other restaurants recently.
“Data breaches at other restaurant chains and retail establishments in the last few years have been the result of malware installed on point-of-sale (‘POS’) systems,” the complaint reads. “While many retailers, restaurant chains and other companies have responded to recent breaches by adopting technology that helps make transactions more secure, Brinker did not.”
Brinker International failed to detect the breach for two months, according to the complaint, leaving proposed class members susceptible to unauthorized credit and debit charges, identify theft, and the loss of privacy.