US-based multi-brand restaurant operator Darden Restaurants has announced that a data breach was identified by federal authorities on its subsidiary Cheddar’s Scratch Kitchen’s certain restaurants in 23 states.
The data breach may have compromised payment card information, including 567,000 card numbers of customers who visited the affected restaurants from 3 November 2017 to 2 January 2018.
Cheddar’s restaurants in Alabama, Arizona, Arkansas, Delaware, Florida, Illinois, Indiana, Iowa, Kansas, Louisiana, Maryland, Michigan, Missouri, Nebraska, New Mexico, North Carolina, Ohio, Oklahoma, Pennsylvania, South Carolina, Texas, Virginia and Wisconsin are affected by the breach.
In a notification on its website, Cheddar’s said: “Once Cheddar’s Scratch Kitchen learned of this incident, we engaged a third-party cybersecurity firm to investigate. Our current systems and networks were not impacted by this incident. The unauthorised access appears to have occurred on a network that was permanently disabled and replaced by 10 April 2018. It’s important to note that there are no indications of unauthorised access to the current Cheddar’s Scratch Kitchen network and systems.”
In addition, the company has arranged ID Experts to offer MyIDCare services to affected customers at no cost to help resolve issues if identity has been compromised.
MyIDCare services include 12 months of credit and CyberScan monitoring, a $1m insurance reimbursement policy, and fully managed identity theft recovery services.