News

Actions

Jimmy John’s reveals data breach at 216 locations, two in Hampton Roads

Posted at 3:43 PM, Sep 24, 2014
and last updated 2014-09-24 19:29:06-04

Sandwich shop giant Jimmy John’s said today it “learned of a possible security incident involving credit and debit card data at some of Jimmy John’s stores and franchised locations.”

Jimmy John’s says approximately 216 stores appear to be affected. Two locations are in Hampton Roads including the location at Landstown Centre Way Unit 110 in Virginia Beach and one on High Street in Portsmouth.   FULL LIST HERE.

They learned about the breach on July 30th. At that time, they hired forensic experts to help with an investigation. They say some customers’ information was compromised after someone stole log-in credentials  from a Jimmy John’s point-of-sale vendor and used the credentials to access the point-of-sale systems at some corporate and franchised locations between June 16th and September 5th.

The compromise has been contained and customers can now use their cards safely at all locations.

They say this breach included cards that were swiped at the stores and not those that were entered manually or online.

Jimmy John’s says they have taken steps to prevent this from happening in the future.

The company is now offering identity protection services to those customers who have been affected. If you need to use these services, please call 855-398-6442 for more information.

They are also urging customers to monitor their credit and debit card accounts and to notify their banks if they notice any suspicious activity.

Retailers Home Depot, Neiman Marcus, Michaels and Target have also been attacked by hackers in the past year.

Jimmy John’s full statement:

On July 30, 2014, Jimmy John’s learned of a possible security incident involving credit and debit card data at some of Jimmy John’s stores and franchised locations. Jimmy John’s immediately hired third party forensic experts to assist with its investigation.

While the investigation is ongoing, it appears that customers’ credit and debit card data was compromised after an intruder stole log-in credentials from Jimmy John’s point-of-sale vendor and used these stolen credentials to remotely access the point-of-sale systems at some corporate and franchised locations between June 16, 2014 and September 5, 2014. The security compromise has been contained, and customers can use their credit and debit cards securely at Jimmy John’s stores.

Approximately 216 stores appear to have been affected by this event. Cards impacted by this event appear to be those swiped at the stores, and did not include those cards entered manually or online. The credit and debit card information at issue may include the card number and in some cases the cardholder’s name, verification code, and/or the card’s expiration date. Information entered online, such as customer address, e-mail, and password, remains secure. The locations and dates of exposure for each affected Jimmy John’s location are listed onhttp://www.jimmyjohns.com.

Jimmy John’s has taken steps to prevent this type of event from occurring in the future, including installing encrypted swipe machines, implementing system enhancements, and reviewing its policies and procedures for its third party vendors.

We apologize for any inconvenience this incident may have on our customers. Jimmy John’s values the privacy and security of its customers’ information, and is offering identity protection services to impacted customers, although Jimmy John’s does not collect its customers’ Social Security numbers. To take advantage of these services, or for more information, call (855) 398-6442. In addition, customers are encouraged to monitor their credit and debit card accounts, and notify their bank if they notice any suspicious activity. Additional recommendations for protecting your information can be found at http://www.jimmyjohns.com.

Jimmy John’s will post information related to its ongoing investigation on the Company’s website, www.jimmyjohns.com.