Nearly two months after it learned of a possible data breach, sandwich chain Jimmy John’s said about 216 stores were affected and customer payment card information has been compromised.
The Champaign, Ill.-based company did not give an indication of how many debit and credit cards were exposed but it said information including card numbers, name, verification code, and expiration date could have been taken by customers who swiped cards at affected locations.
In a statement, it said an investigation is ongoing but claimed the “security compromise has been contained, and customers can use their credit and debit cards securely at Jimmy John’s stores.”
Jimmy John’s said log-in credentials were stolen from its point-of-sale vendor and used to remotely access other terminals at corporate and franchised locations from June 16 — September 5.
On July 30 the sandwich-maker said it learned of a possible breach and immediately hired third-party forensic experts. It said it has “taken steps to prevent this type of event from occurring in the future, including installing encrypted swipe machines, implementing system enhancements, and reviewing its policies and procedures for its third party vendors.”
Jimmy John’s is offering identity protection services to impacted customers.
Chad Hemenway is Managing Editor of Advisen News. He has more than 15 years of journalist experience at a variety of online, daily, and weekly publications. He has covered P&C insurance news since 2007, and he has experience writing about all P&C lines as well as regulation and litigation. Chad won a Jesse H. Neal Award for Best Single Article in 2014 for his coverage of the insurance implications of traumatic brain injuries and Best News Coverage in 2013 for coverage of Superstorm Sandy. Contact Chad at 212.897.4824 or [email protected].
