(Reuters) – Darden Restaurants Inc said on Wednesday it was recently notified by federal authorities that guest data from certain of its Cheddar’s Scratch Kitchen restaurants may have been compromised in a cyber attack incident.
The Olive Garden owner said its systems and networks were unaffected by the incident, as the breach occurred on a legacy system of Cheddar restaurants chain, which was acquired by Darden in 2017.
Information from about 567,000 payment card numbers may have been exposed through affected restaurants in 23 U.S. states between Nov. 3, 2017 and Jan. 2, 2018, Darden said.
The company said it had disabled and replaced the legacy system by April 10 as part of the merger integration process.
Darden has engaged a third-party forensic cyber security firm to investigate the incident.
Reporting by Ankit Ajmera in Bengaluru; Editing by Maju Samuel