Jimmy John's hacked at 216 restaurants in 40 states
Sandwich restaurant chain聽Jimmy聽John's said there was a potential security breach involving customers' credit and debit card data at 216 of its stores and franchised locations on July 30.
An intruder stole log-in credentials from the company's vendor and used the credentials to remotely access the point-of-sale systems at some corporate and franchised locations between June 16 and Sept. 5, the company said.
The chain is the latest victim in a series of security breaches among retailers such as聽Target Corp, Michaels Stores Inc and聽Neiman Marcus.
Home Depot Inc said last week some 56 million payment cards were likely compromised in a cyberattack at its stores, suggesting the hacking attack at the home improvement chain was larger than the breach at聽Target Corp.
More than 12 of the affected聽Jimmy聽John's stores are in聽Chicago聽area, according to a list disclosed by the company.
The breach has been contained and customers can use their cards at its stores, the privately held company said.
Jimmy聽John's said it has hired forensic experts to assist with its investigation.
"Cards impacted by this event appear to be those swiped at the stores, and did not include those cards entered manually or online,"聽Jimmy聽John's said on Wednesday.
Parts of the company's press statement on the issue are below:聽
On July 30, 2014, Jimmy John鈥檚 learned of a possible security incident involving credit and debit card data at some of Jimmy John鈥檚 stores and franchised locations. Jimmy John鈥檚 immediately hired third party forensic experts to assist with its investigation. While the investigation is ongoing, it appears that customers鈥 credit and debit card data was compromised after an intruder stole log-in credentials from Jimmy John鈥檚 point-of-sale vendor and used these stolen credentials to remotely access the point-of-sale systems at some corporate and franchised locations between June 16, 2014 and September 5, 2014. The security compromise has been contained, and customers can use their credit and debit cards securely at Jimmy John鈥檚 stores.聽
Approximately 216 stores appear to have been affected by this event. Cards impacted by this event appear to be those swiped at the stores, and did not include those cards entered manually or online. The credit and debit card information at issue may include the card number and in some cases the cardholder鈥檚 name, verification code, and/or the card鈥檚 expiration date. Information entered online, such as customer address, e-mail, and password, remains secure.
...
Jimmy John鈥檚 has taken steps to prevent this type of event from occurring in the future, including installing encrypted swipe machines, implementing system enhancements, and reviewing its policies and procedures for its third party vendors.聽
We apologize for any inconvenience this incident may have on our customers. Jimmy John鈥檚 values the privacy and security of its customers鈥 information, and is offering identity protection services to impacted customers, although Jimmy John鈥檚 does not collect its customers鈥 Social Security numbers.聽
The Champaign,聽Illinois-based company said stolen information may include the card number and in some cases the cardholder's name, verification code, and/or the card's expiration date. (Reporting by Devika Krishna Kumar in Bangalore; Editing by Don Sebastian)
