ORLANDO, Fla. -- Darden Restaurants said Wednesday that a "cyberattack incident" at one of its nationwide restaurant chains may have exposed more than half a million payment card numbers.

  • Card numbers used at Cheddar's Scratch Kitchen compromised
  • Darden says legacy system was involved in 'cyberattack incident'
  • Orlando-based company offering free ID protection services

The company, headquartered in Orlando, Fla. said a legacy system used at Cheddar's Scratch Kitchen restaurants in 23 states may have been attacked. It was notified of the possible breach by federal authorities. Darden announced its acquisition of Cheddar's in March 2017.

Darden says the payment cards of guests who dined at Cheddar's between Nov. 3, 2017 and Jan. 2, 2018 -- about 567,000 -- may have been compromised. Cheddar's operates in Alabama, Arizona, Arkansas, Delaware, Florida, Illinois, Indiana, Iowa, Kansas, Louisiana, Maryland, Michigan, Missouri, Nebraska, New Mexico, North Carolina, Ohio, Oklahoma, Pennsylvania, South Carolina, Texas, Virginia and Wisconsin.

It said the legacy Cheddar's system was permanently replaced by April 2018, and the current system was not compromised.

Darden is offering free identity protection services to those impacted; call (888) 258-7280 or go to https://ide.myidcare.com/cheddars for more information.