Over half a million customers of US restaurant chain Cheddar’s Scratch Kitchen have had their payment card information compromised after an unauthorized intrusion at the company.
Parent company Darden Restaurants said it was notified by the “federal authorities” that attackers are likely to have swiped 567,000 payment card numbers after compromising a legacy POS system.
Guests who visited restaurants in 23 states between November 3 2017 and January 2 2018 could be affected.
“Upon being notified of this incident, we activated our response plan and we engaged a third-party forensic cybersecurity firm to investigate,” the company said. “Our current systems and networks were not impacted by this incident. In fact, this incident occurred on a legacy Cheddar's system that was permanently disabled and replaced by April 10, 2018, as part of our integration process.”
Identity protection services from ID Experts are being provided free of charge to those users affected.
Ryan Wilk, VP at NuData Security, argued that the breach risk has now effectively spread to “payment card providers and any other organizations with whom the victims hold accounts.”
“Once personal and financial information such as this is accessible to criminals, it feeds the pipeline of future cybercrime for years to come,” he argued.
“What companies can do at this point is to implement a different method of account protection to stop the damage after breaches. This is why businesses operating online are applying multi-layered security strategies with passive biometrics and behavioral analytics.”
The affected states are: Alabama, Arizona, Arkansas, Delaware, Florida, Illinois, Indiana, Iowa, Kansas, Louisiana, Maryland, Michigan, Missouri, Nebraska, New Mexico, North Carolina, Ohio, Oklahoma, Pennsylvania, South Carolina, Texas, Virginia and Wisconsin.