Malware Installed on Jimmy John’s POS System: Data Breach

Jimmy John’s is the latest United States company to fall victim to a near-nationwide data breach in which hackers stole the credit and debit card information of a large number of customers.

According to the sandwich restaurant chain, the possible security infiltration took place from Jun. 16 to Sept. 5 in more than 200 Jimmy John’s restaurants in 37 states. The restaurant noted that a cyber criminal obtained log-in credentials from the company’s vendor and used them to remotely access its point-of-sale (POS) systems in franchised and corporate locations. The culprits then installed malware on the machines.

The stolen information consisted of customer names, credit card numbers, expiration dates, verification pins and other personal data. The company confirmed that the compromised data was taken only from cards swiped at the locations, not from cards entered into the systems or coded online.

A list of affected stores shows that more than a dozen of the hacked stores were located in Chicago. Eighteen Jimmy John’s restaurants were affected in the state of Michigan and another three in Kansas City.

“The security compromise has been contained, and customers can use their credit and debit cards securely at Jimmy John’s stores,” the company said in a statement Wednesday, adding that it’s offering identity protection services for 12 months to patrons who were personally affected.

“Jimmy John’s has taken steps to prevent this type of event from occurring in the future, including installing encrypted swipe machines, implementing system enhancements, and reviewing its policies and procedures for its third party vendors.”

The Champaign, Illinois-based Jimmy John’s maintains more than 2,000 locations.

In the last year alone, several national retailers have had their POS systems compromised, hurting millions of customers, including Target, Neiman Marcus, UPS, Michaels Stores, Walmart and SuperValu.