The company said it is assisting the U.S. Secret Service and a team of third-party forensics experts to find out the extent and damage caused by the security breach. The company has said it currently does not know how many customers were affected and can only confirm the existence of the breach.
"Because we are still in the preliminary stages of our investigation, we encourage our guests to be vigilant about checking their credit card and bank statements," the company said in on its website. "We sincerely regret the inconvenience and concern this may cause for our guests."
The announcement comes after security blogger Brian Krebs reported Wednesday that the restaurant chain was the subject of an attack that took place between late March and May 19. The attack was, according to his report, carried out throughout the company's point-of-sale systems, similar to the cyberattack on Target last year.
Kreb said credit and debit card information from thousands of customers was being sold on a website called rescatir.com, also used by the Target hackers, for $18 to $40 per card.
The restaurant chain said it had created a page on its website to address customer questions and provide regular updates about the breach. The company has also moved to a manual credit card imprinting system for safety reasons.
According to the KrebsOnSecurity website, hackers normally get access to such information by planting malicious software in cash registers that record the credit and debit card information as they are swiped. Hackers then place this information on counterfeit cards and either use them to buy expensive items or sell them on the black market.