CHAMPAIGN, Ill. -- Sandwich quick-service restaurant (QSR) chain Jimmy John's is the latest retailer to experience a data security breach. On July 30, 2014, Jimmy John's learned of a possible security incident involving credit-card and debit-card data at more than 200 of its stores and franchised locations, the company said on its website.
It joins retailers including Home Depot, SuperValu, Albertson's, Target and Michaels, to name just a recent few. In the convenience store and gas station channel, 7-Eleven and Mapco have experienced recent payment systems breaches.
Jimmy John's said it immediately hired-third party forensic experts to assist with its investigation.
While the investigation is ongoing, it appears that customers' credit- and debit-card data was compromised after an intruder stole log-in credentials from Jimmy John's point-of-sale (POS) vendor and used these stolen credentials to remotely access the POS systems at some corporate and franchised locations between June 16, 2014, and Sept. 5, 2014.
The security compromise has been contained, said the company, and customers can use their credit and debit cards securely at Jimmy John's stores.
Approximately 216 stores appear to have been affected by this event, the company said.
Cards affected by this event appear to be those swiped at the stores, and did not include those cards entered manually or online. The credit- and debit-card information at issue may include the card number and in some cases the cardholder's name, verification code and the card's expiration date. Information entered online, such as customer address, e-mail and password, remains secure.
Click here for the locations and dates of exposure for each affected Jimmy John's.
Jimmy John's said it has taken steps to prevent this type of event from occurring in the future, including installing encrypted swipe machines, implementing system enhancements and reviewing its policies and procedures for its third-party vendors.
"We apologize for any inconvenience this incident may have on our customers. Jimmy John's values the privacy and security of its customers' information, and is offering identity protection services to impacted customers, although Jimmy John's does not collect its customers' Social Security numbers," the company said.
Champaign, Ill.-based Jimmy John's Franchise LLC has more than 2,000 locations in 43 states.
Members help make our journalism possible. Become a CSP member today and unlock exclusive benefits, including unlimited access to all of our content. Sign up here.