Today’s topics include a Chili’s restaurant data breach exposing customer payment card information, and Google ensuring full compliance with the EU’s new GDPR rules.
Brinker International, which operates over 1,600 Chili’s restaurants globally, announced a global point of sale data breach on May 12, after becoming aware of the security incident the day before. The company did not reveal how many customers have been impacted by the breach.
Brinker International stated, “We believe that malware was used to gather payment card information including credit or debit card numbers as well as cardholder names from our payment-related systems for in-restaurant purchases at certain Chili’s restaurants. … Currently, we believe the data incident was limited to between March [and] April 2018.”
Brinker International said that while payment card information was stolen, personal information such as Social Security numbers, dates of birth, and federal or state identification numbers remain safe, as Chili’s doesn’t collect that information from customers.
With less than two weeks before the European Union’s General Data Protection Regulation goes into effect, Google last week listed the multiple measures the company has taken to ensure its cloud services comply with the data privacy mandate.
GDPR requires organizations handling personal data belonging to EU residents to implement certain controls for protecting the data, and so Google has updated its data processing terms and conditions, added new data portability features, and updated terms pertaining to breach disclosures and incident reporting.
“Compliance is central to Google Cloud’s mission of protecting the privacy and security of our customers’ information. We’ll continue our work in this space, and are committed to helping you meet your GDPR compliance needs,” said Google Cloud directors Suzanne Frey and Marc Crandall.