Jimmy John’s Says Hacker Took Credit-Card Data at Stores

Jimmy John’s, a sandwich-shop chain based in Champaign, Illinois, said a hacker infiltrated payment systems at about 216 of its locations and stole credit- and debit-card information.

The incident occurred after an intruder took log-in credentials from Jimmy John’s payment-technology vendor and then accessed its point-of-sale systems between June 16 and Sept. 5, the company said today in a statement. The sandwich chain learned of the breach on July 30 and hired forensic experts to handle the investigation, which is continuing.

“The security compromise has been contained, and customers can use their credit and debit cards securely at Jimmy John’s stores,” the company said in the statement.

Jimmy John’s joins a growing list of retail and restaurant companies struck by hackers in the past year. Home Depot Inc., the largest home-improvement chain, said this month that a cyber attack compromised 56 million payment cards. In June, P.F. Chang’s China Bistro Inc., an Asian-themed restaurant company, said credit- and debit-card data were stolen from some of its locations.

Home Depot

Jimmy John’s statement that it learned of a potential breach at the end of July means the company waited almost two months to alert customers. That differs from the approach of Home Depot, which announced its breach on the day it discovered the incident. The Atlanta-based retailer followed up last week by giving the number of payment cards affected.

Jimmy John’s declined to comment on why it took so long to disclose the attack.

“We were contacted by law enforcement and will continue to cooperate with their investigation,” the company said in an e-mailed statement.

Target Corp. also suffered a high-profile breach last year, when hackers snatched 40 million payment-card numbers.

Jimmy John’s, a closely held company with more than 2,000 stores, was founded in 1983 by Jimmy John Liautaud. The affected locations included stores in Colorado, Florida, Georgia, Illinois, Michigan and Texas.

Customers who used their cards at one of the 216 stores during specified dates are eligible for free identity protection from AllClear ID.

Before it's here, it's on the Bloomberg Terminal.
LEARN MORE