Hackers stole credit-card data from 216 Jimmy John’s stores from June to September, the sandwich shop chain said in a statement issued on Sept. 24. Compared to large-scale hacks on Home Depot and Target, each of which gave thieves access to tens of millions of credit- and debit-card numbers, the scope of the Jimmy John’s breach will probably be small. But the fallout from the hack—as well as recent data thefts at Dairy Queen (the malware that hit Target), 51 UPS franchises, and additional chains—has an interesting implication for franchisees.
Franchise systems comprise many individual business owners. The amount of independence they have from the franchisor varies, depending on the chain. For many franchises, payments and data storage are the franchisee’s responsibility, says Lee Plave, a franchise lawyer in Reston, Va. Because of that, security standards differ. What franchises do share, says Plave, is brand exposure: “If I’m running a bad store, and my staff is surly, and the bathrooms are filthy, it affects everyone else in the franchise business,” he says.