Daytona Beach, FL – The parent company which recently bought Cheddar’s Scratch Kitchen says a possible cyber attack last year on the restaurant chain’s payment system may have compromised the identities of over half a million people in 23 states, including Florida.
Officials with Darden Restaurants say they were notified by federal investigators of what happened a week before making today’s (August 22nd) announcement via press release.
“We believe that payment card information, including card numbers, from guests who visited the affected Cheddar’s restaurants between November 3, 2017 and January 2, 2018, may have been exposed,” stated the press release. “We estimate the exposure to be 567,000 payment card numbers. However, we continue to assess the scope of the incident.”
Cheddar’s only location in the Volusia-Flagler area is on West International Speedway Boulevard in Daytona Beach, across from Daytona International Speedway and near Volusia Mall.
The same officials say the attack was discovered inside a point-of-sale system exclusively used by Cheddar’s to process card payments before Darden bought the chain out in 2017.
“Upon being notified of this incident, we activated our response plan and we engaged a third-party forensic cybersecurity firm to investigate,” the release noted. “Our current systems and networks were not impacted by this incident.”
The compromised system, according to Darden, was phased out in April 2018 and hasn’t been used since.
Other Cheddar’s locations in the following states were also affected: Alabama, Arizona, Arkansas, Delaware, Illinois, Indiana, Iowa, Kansas, Louisiana, Maryland, Michigan, Missouri, Nebraska, New Mexico, North Carolina, Ohio, Oklahoma, Pennsylvania, South Carolina, Texas, Virginia and Wisconsin.
Anyone who was impacted by this breach can get access to identity protection services at no cost through Darden. For more information about that, click here or call 888-258-7280 between 8 a.m. and 8 p.m. Eastern time.