Brinker International, the parent company of Chili’s Grill & Bar, announced Saturday that a data incident at some Chili’s restaurants may have resulted in a credit and debit card data breach.

According to the company, the data incident may have resulted in unauthorized access or acquisition of customers’ payment card data.

Malware was used to gather payment card information including credit or debit card numbers as well as cardholder names from payment-related systems for in-restaurant purchases at certain Chili’s restaurants, the company stated.

Chili’s stated it does not collect certain personal information (such as social security number, full date of birth, or federal or state identification number) from Guests. Therefore, this personal information was not compromised

The company believes the data incident was limited to between March – April 2018, although they are still assessing the scope of the incident.