Sandwich chain Jimmy John’s has reported a security breach, exposing information from customers of 216 locations. According to the chain, the company discovered in the end of July that an unknown assailant stole credentials from a vendor, and accessed the point-of-sale system and installed data collecting malware at some locations between June 16 and September 5 of this year, with most infestations cleared out before the middle of August. The company reports that the security problem has been addressed, and it is once again safe to use credit cards at all stores.
Jimmy John’s representatives have claimed that “Cards impacted by this event appear to be those swiped at the stores, and did not include those cards entered manually or online.” Forensic investigators and law enforcement has been consulted on the matter.
The company notes that stolen information may contain card number, cardholder’s name, verification code, and the card’s expiration date. The company claims that it doesn’t have a sufficient quantity of information to directly contact those affected by the theft, nor has it publicized how many customers are at risk. It is unknown if the malware is the same strain as those found at Target or Home Depot in recent high-profile data thefts involving millions of customers.
