Hacker breaks into Jimmy John’s customer data
September 24, 2014
The Jimmy John’s restaurant at the intersection of Fourth Street and Lincoln Avenue is one of 216 locations in which some customers’ credit and debit card information has been breached.
The company released a statement Wednesday explaining the incident and listing the locations affected.
According to the statement, an intruder stole login information from a third party service provider that works for the Jimmy John’s website.
The intruder then installed malware into the restaurant’s sale system and subsequently accessed information including cardholder names, card numbers, expiration dates and verification codes.
The breach occurred for most locations, including Charleston, on July 1, though for some it was as early as June 16.
The statement said all malware has been removed; for most places it was removed Aug. 5, and for Charleston it was removed Aug. 1.
It also said encrypted swipe machines have been installed, so customers are now safe to use their cards at Jimmy John’s.
Encrypted data is turned into a code in order to prevent unauthorized access.
The statement said Jimmy John’s cannot inform customers whose information was stolen, so those concerned should contact their banks if they notice something off about their statements.
Jimmy John’s is also offering identity repair service from the company AllClear ID for those who made electronic purchases during the listed dates.
More information can be found at the Data Security Incident page of the Jimmy John’s website:
Stephanie Markham (@stephm202) can be reached at 581-2812 or samarkham@eiu.edu.