Jimmy John’s, the quick-serve sandwich chain with over 2,000 locations across the U.S., is the latest firm to announce a data breach. The company issued a statement that customer credit and debit card data was potentially compromised between June 16 and Sept. 5. Apparently, Jimmy John’s was alerted to the possible breach on July 30.
Details of the breach were detailed in the statement:
- Customers’ credit and debit card data was compromised, including card number and in some cases the cardholder’s name, verification code, and/or the card’s expiration date.
- The intruder gained access using stolen login information from Jimmy John’s POS vendor.
- The stolen login credentials were used to remotely access the POS systems at some corporate and franchise locations.
- A total of 216 stores have been affected. The locations and dates of exposure for each affected Jimmy John’s location are listed here.
- Only cards swiped at those stores have potentially been compromised. Cards entered manually and online purchases are not affected.
The investigation is ongoing and Jimmy John’s said the compromise has now been contained. Jimmy John’s is urging customers to monitor their accounts and notify their banks if they notice any suspicious activity. Jimmy John’s is also offering identity protection services to impacted customers.