Cheddar’s Scratch Kitchen restaurant chain reports card data breach

Source: Cheddar’s Scratch Kitchen

We take the privacy and security of our guests’ personal information very seriously. This notice is to inform you that some Cheddar’s Scratch Kitchen restaurants have been the victims of cyberattacks, which may have resulted in unauthorized access to or acquisition of your payment card information.

Below you will find more information about the incident and the steps we are taking, as well as the steps you can take, to help protect you and minimize the risk of your payment card information being misused.

What Happened

On August 16, 2018, Cheddar’s Scratch Kitchen (a concept acquired by Darden Restaurants in 2017) learned that between November 3, 2017 and January 2, 2018, an unauthorized person or persons gained access to the Cheddar’s Scratch Kitchen network and were able to access and potentially obtain payment card information used to make purchases in certain Cheddar’s Scratch Kitchen restaurants in the following states: Alabama, Arizona, Arkansas, Delaware, Florida, Illinois, Indiana, Iowa, Kansas, Louisiana, Maryland, Michigan, Missouri, Nebraska, New Mexico, North Carolina, Ohio, Oklahoma, Pennsylvania, South Carolina, Texas, Virginia, and Wisconsin.

Once Cheddar’s Scratch Kitchen learned of this incident, we engaged a third-party cybersecurity firm to investigate. Our current systems and networks were not impacted by this incident. The unauthorized access appears to have occurred on a network that was permanently disabled and replaced by April 10, 2018. It’s important to note that there are no indications of unauthorized access to the current Cheddar’s Scratch Kitchen network and systems.

What Information Was Involved

While the investigation continues, our current understanding is that the affected personal information involved payment card information, including payment card numbers.

What We Are Doing

We take the privacy and security of your personal information very seriously. As noted, this incident occurred on a network that was permanently disabled and replaced by April 10, 2018. As an added precaution, we have arranged to have ID Experts® provide identity protection services at no cost to those individuals who may have been affected by the incident. To enroll for the services, please call (888) 258-7280 by November 22, 2018. ID Experts is offering the following services: MyIDCare services include 12 months of credit and CyberScan monitoring, a $1,000,000 insurance reimbursement policy, and fully managed identity theft recovery services. With this protection, MyIDCare will help you resolve issues if your identity is compromised.

What You Can Do

Enroll in the identity protection services we are providing. Even if you choose not to enroll, we recommend that you remain vigilant and take steps to protect yourself from identity theft by reviewing your account statements and by checking your credit report from one or more of the national credit reporting agencies periodically. You are entitled to obtain a free annual credit report from each of the nationwide credit reporting companies—Equifax, Experian, and TransUnion. To do so, please go to or call 1-877-322-8228. If you notice any suspicious activity, you should promptly report such activity to the proper law enforcement agencies.

We also recommend that you consider placing a fraud alert on your credit files. Adding a fraud alert to your credit report file makes it more difficult for someone to get credit in your name by requiring creditors to follow certain procedures. However, this may also delay your ability to obtain credit. No one is allowed to place a fraud alert on your credit report except you, so if you elect to do so, contact one of the three nationwide credit reporting agencies. The first agency that processes your fraud alert will notify the others to do so as well.

You may also add a security freeze to your credit report file to prohibit a credit reporting agency from releasing information from your credit report without your prior written authorization. In some cases, agencies may charge a fee to place or remove such a freeze. 

Comments: (0)