US-based restaurant chain Truluck‘s Seafood, Steak & Crab House has reported a data breach compromising the security of customers’ payment card information at certain locations.

The incident is understood to have taken place between 21 November and 8 December last year at the company’s locations in Houston, Dallas, Austin, Naples, Southlake, and Chicago.

Truluck’s was contacted by the FBI about potential unauthorised access to one of the company’s servers. After this, the company appointed third-party forensic experts to start an investigation into the incident.

As part of the investigation, the restaurant chain identified that a type of malware was inserted into its point of sale (PoS) systems at the eight restaurants by an unauthorised user.

“They quickly took steps to determine how the information may have been accessed and took action to prevent further unauthorised access to card data.”

The company reported customers’ data such as credit or debit card numbers and expiration dates were compromised during the incident. However, the names and addresses of people involved were reportedly not taken.

In a statement, the company said: “Upon learning of this incident, they quickly took steps to determine how the information may have been accessed and took action to prevent further unauthorised access to card data.

“As part of their ongoing commitment to the security of personal information in their care, they are also working to review their existing information security procedures and to implement additional safeguards to further secure the information on their systems.

“Truluck’s continues to work with third-party experts to ensure the security of their systems on behalf of their customers.”

In addition, the restaurant firm has established a dedicated assistance line to assist customers seeking additional information regarding this incident.