Restaurant chain owner Brinker International Inc. advised Saturday that customer data may have been stolen from its Tex-Mex cuisine chain Chili’s in what looks like another case of retail point-of-sale hacking.

The incident was described as a “notice of unauthorized access” in a media release. The company said it had learned that “payment card information of some of our Guests who visited certain Chili’s Grill & Bar corporate-owned restaurants have been compromised in a data incident” between March and April.

Aside from the standard additions of having hired “third-party forensic experts to conduct a thorough investigation to determine the details of what happened” and law enforcement being notified, the company added that it believes at this stage that malware was used to steal credit and debit card numbers and cardholder names from POS terminals.

POS hacking usually involves one of two methods. The first is via infection of a corporate network that eventually spreads into the POS terminals themselves. The far more common method is localized hacking, where the attacker targets the retail network at a specific store, often physically through the use of malware-laden USB sticks. The fact that this hack is believed to have affected only a number of locations would suggest the latter.

Chili’s is far from the first retail outlet to have been targeted by this form of attack. Of the larger companies targeted, the Amazon.com Inc.-owned Whole Foods disclosed in September that it had suffered from a POS hack that involved the theft of credit and debit card numbers. Prior POS attacks include Chipotle Mexican Grill Inc., The Wendy’s Co. and Sonic Corp.

Brinker International is advising all Chili’s customers monitor and check bank and credit card statements, and if they notice any suspicious activity, they should contact their bank immediately.

Photo: Anthony92931/Wikimedia Commons