Customers who dined at Cheddar's Scratch Kitchen between November 3, 2017 and January 2, 2018 may need to check their credit card accounts.
The American restaurant, first known as Cheddar's Casual Cafe, said in a Wednesday news release that Darden Restaurants, the owner of the chain, was notified about a cyberattack incident involving restaurants in 23 states -- Alabama, Arizona, Arkansas, Delaware, Florida, Illinois, Indiana, Iowa, Kansas, Louisiana, Maryland, Michigan, Missouri, Nebraska, New Mexico, North Carolina, Ohio, Oklahoma, Pennsylvania, South Carolina, Texas, Virginia and Wisconsin.
"We believe that payment card information, including card numbers, from guests who visited the affected Cheddar's restaurants between Nov. 3, 2017 and Jan. 2, 2018, may have been exposed," the news release said. "We estimate the exposure to be 567,000 payment card numbers; however, we continue to assess the scope of the incident."
"Once Cheddar's Scratch Kitchen learned of this incident, we engaged a third-party cybersecurity firm to investigate. Our current systems and networks were not impacted by this incident," the company said in a notification on its website. "The unauthorized access appears to have occurred on a network that was permanently disabled and replaced by April 10, 2018. It's important to note that there are no indications of unauthorized access to the current Cheddar's Scratch Kitchen network and systems."
The company is offering free identity protection services to affected customers.
"The trust our guests place in us is something we take very seriously, and we regret that this incident occurred," Cheddar's said in a statement. "We deeply value our relationships with our guests, and our priority is to assist those who may have been impacted by this incident. That is why we have arranged to have ID Experts provide identity protection services at no cost to those individuals."
© 2020 Cox Media Group