An estimated 567,000 Cheddar’s Scratch Kitchen customers may have had their charge-card numbers stolen during a two-month-long data security breach at the casual chain, parent company Darden Restaurants revealed yesterday.
Hackers broke into a POS system that has since been replaced by a new network as part of Cheddar’s assimilation into Darden, which bought the chain in April 2017 for $780 million. Authorities alerted Darden that consumers who visited Cheddar’s restaurants in 23 states between Nov. 3, 2017, and Jan. 2, 2018, may have had their card numbers taken, the company said. Cheddar’s legacy POS was replaced by April of this year, it added.
“The trust our guests place in us is something we take very seriously, and we regret that this incident occurred,” Darden said in disclosing the breach. “We deeply value our relationships with our guests, and our priority is to assist those who may have been impacted by this incident.”
The company noted that it has retained a data-security firm to provide free assistance to customers who may have been affected.
The Cheddar’s restaurants that may have lost data were located in Alabama, Arizona, Arkansas, Delaware, Florida, Illinois, Indiana, Iowa, Kansas, Louisiana, Maryland, Michigan, Missouri, Nebraska, New Mexico, North Carolina, Ohio, Oklahoma, Pennsylvania, South Carolina, Texas, Virginia and Wisconsin.