US-based restaurant chain PDQ has reported a cyber-attack on its computer systems, which compromised personal information of some of its customers who paid with credit cards.

The data breach occurred between 19 May 2017 and 20 April 2018, and affected all PDQ locations that were operational during this time period.

The data that was compromised include customer names, credit card numbers, expiration dates and cardholder verification value.

The company believes that the attacker entered using an outside technology vendor’s remote connection tool.

“Based on the nature of the breach, it was not possible to determine the identity or exact number of credit card numbers or names that were accessed or acquired during the breach time period. If you used a credit card for your purchase at a PDQ restaurant during the breach period, then your credit card number, expiration date, cardholder verification value and or name may have been accessed or acquired by a hacker,” PDQ said in a statement.

While PDQ has already launched an investigation and performed a forensic review, it failed to determine the exact volume of card numbers or names affected during the attack.

The company already reported the issue to law enforcement and said that it is taking measures to prevent the recurrence of such incidents.