On August 16, 2018, Darden Restaurants was notified by federal authorities that a legacy point-of-sale system of certain Cheddar’s Scratch Kitchen restaurants, a concept acquired by Darden in 2017, may have been compromised in a cyberattack incident involving restaurants in 23 states. We believe that payment card information, including card numbers, from guests who visited the affected Cheddar’s restaurants between Nov. 3, 2017 and Jan. 2, 2018, may have been exposed. We estimate the exposure to be 567,000 payment card numbers; however, we continue to assess the scope of the incident.
Upon being notified of this incident, we activated our response plan and we engaged a third-party forensic cybersecurity firm to investigate. Our current systems and networks were not impacted by this incident. In fact, this incident occurred on a legacy Cheddar’s system that was permanently disabled and replaced by April 10, 2018, as part of our integration process.
The trust our guests place in us is something we take very seriously, and we regret that this incident occurred. We deeply value our relationships with our guests, and our priority is to assist those who may have been impacted by this incident. That is why we have arranged to have ID Experts provide identity protection services at no cost to those individuals.
Guests who dined at any Cheddar’s restaurant located in Alabama, Arizona, Arkansas, Delaware, Florida, Illinois, Indiana, Iowa, Kansas, Louisiana, Maryland, Michigan, Missouri, Nebraska, New Mexico, North Carolina, Ohio, Oklahoma, Pennsylvania, South Carolina, Texas, Virginia and Wisconsin between Nov. 3, 2017 and Jan. 2, 2018, should call (888) 258-7280 for more information about the identity protection services available to them. Representatives are available to answer questions Monday-Saturday, 8:00 a.m. to 8:00 p.m. Eastern (excluding U.S. holidays) and guests can also visit a dedicated website at https://ide.myidcare.com/cheddars.