Darden Restaurants Inc. said Aug. 22 that a cyberattack incident may have compromised the point-of-sale system of its Cheddar's Scratch Kitchen restaurants in 23 U.S. states.

The Orlando, Fla.-based restaurant chain operator said it believes 567,000 payment card numbers may have been exposed in the breach. The card information came from guests who dined at the affected restaurants between Nov. 3, 2017, and Jan. 2, 2018.

Federal authorities notified the company about the attack on Aug. 16.

Darden said it is continuing to assess the scope of the incident. It added that it has already engaged a third-party cybersecurity firm to investigate the breach, and clarified that its current systems and networks were not affected. The legacy point-of-sale system at the Cheddar's stores was permanently disabled and replaced on April 10 as part of the company's integration process.

The company said it is assisting customers who may have been impacted by this incident by providing them with identity protection services at no cost.