Criminals were able to infiltrate another point-of-sale system, this one used by Cheddar’s Scratch Kitchen, a unit of Darden Restaurants.
Announced Wednesday, the breach involved Cheddar’s locations in 23 states. Payment card information, including card numbers, from consumers who used them at Cheddar’s restaurants between Nov. 3, 2017, and Jan. 2, 2018, “may have been exposed,” Orlando, Fla.-based Darden said in a press release.
Darden estimated 567,000 credit and debit card numbers may be affected, though it cautioned it continues to “assess the scope of the incident.” It would not say how many locations were affected.
Darden said unnamed federal authorities notified it of the breach. Darden said the affected POS system was retired and replaced on April 10 with a new one that was not affected by the breach. It hired ID Experts, a breach-response company, to provide identity-protection services at no cost to affected consumers. There is no evidence yet of any use of the ill-gotten data, Darden said on a Web site operated by ID Experts for the breach.
Breaches of hospitality and related POS systems continue to bedevil merchants and payments providers alike. Attacks targeting payment card data account for 90% of all breaches within the hospitality segment, found Verizon Communications Inc. in its annual breach study.