Brinker International, the restaurant's parent company, said in a statement they learned about the incident on May 11 and believe the breach occurred between March through April of this year, but are still searching for more information.
"We immediately activated our response plan upon learning of this incident," Brinker International said in a statement. "We are working with third-party forensic experts to conduct an investigation to determine the details of what happened."
Brinker International believes malware allowed for cardholder names and customer credit or debit card numbers to be compromised from its system used for in-restaurant purchases.
The company did not say which restaurants were affected. The restaurant chain is working with law enforcement to find out who is behind the data breach.
Brinker said it would provide additional updates on its website. In the meantime, it suggests customers monitor their bank and credit card statements.