Chili’s Class Action Says Data Breach Should Have Been Prevented

Top Class Actions’s website and social media posts use affiliate links. If you make a purchase using such links, we may receive a commission, but it will not result in any additional charges to you. Please review our Affiliate Link Disclosure for more information.

In a class action lawsuit, Chili’s customers claim that the restaurant’s parent company didn’t do enough to prevent a recent data breach.

Plaintiffs Marlene Green-Cooper, Shenika Thomas, and Fred Sanders allege that Brinker International Inc., the parent company that owns Chili’s restaurants, was negligent in protecting consumer information, allowing a data breach that exposed the personal information of thousands of consumers.

The customers claim that the company also did not release information about the data breach soon enough.

On May 12, 2018, Brinker International released a statement saying that the Chili’s computer systems had been hacked, and that “malware was used to gather payment card information including credit or debit card numbers as well as cardholder names from [the] payment-related systems for in-restaurant purchases at certain Chili’s restaurants.”

Chili’s stressed that while payment information had been compromised, other sensitive consumer information like Social Security numbers and date of birth had not been released, as the company does not collect this information from its customers.

Allegedly, the company did not take sufficient action to prevent the data breach. The Chili’s data breach class action lawsuit argues that in light of the numerous recent data breach incidences affecting companies with similar computer systems to Chili’s, the company should have been able to learn from other companies’ difficulties and sufficiently prepare itself for a potential data breach.

According to the Chili’s class action lawsuit, “while many retailers, restaurant chains, and other companies have responded to recent breaches by adopting technology that helps make transactions more secure, Brinker did not.”

Instead, the Chili’s consumer data class action lawsuit claims that Chili’s either intentionally, willfully, recklessly, or negligently did not implement sufficient security measures, leaving consumer information vulnerable to theft.

As a result, Green-Cooper and other consumers are claiming damages for breach of contract, negligence, and violation of multiple consumer protection statues in various states.

Allegedly, thousands of dollars worth of fraudulent purchases have been made on customer cards as a result of the data breach, which the consumers claim shows that the damage done by the data breach is concrete.

Reports indicate that in addition to the financial damage done by identify theft in the form of fraudulent purchases, consumers also must spend significant time recovering from a data breach. Reportedly, the average victim of identity theft spends several months dealing with the problem, and some spend over a year.

The consumers in the Chili’s data breach class action lawsuit also claim that the company did not notify its customers quickly enough about the data breach, allegedly waiting two months before making a statement about the breach to the public.

The Chili’s customers say this increases the damage done by the breach, because it prevents consumes from taking timely action to protect their information, like changing credit card numbers and account numbers, or by looking for fraudulent purchases.

The plaintiffs are represented by John A. Yanchunis, Patrick A. Barthle II of Morgan & Morgan Complex Litigation Group and Jean Sutton Martin of the Law Office of Jean Sutton Martin PLLC.

The Chili’s Data Breach Class Action Lawsuit is Marlene Green-Cooper, et al. v. Brinker International Inc., Case No. 3:18-cv-00686, in the U.S. District Court for the Middle District of Florida.