The sandwich chain Jimmy John's confirmed Wednesday that hackers stole customer debit and credit card data from 216 of its stores, making the company the latest victim in a string of cyber attacks against major retailers and restaurants.
A hacker stole login credentials from credit card readers at corporate and franchised locations between June 16 and Sept. 5 of this year, the restaurant chain said in a statement on its website. It learned of the breach on July 30 and hired security experts to help with its investigation.
Jimmy John’s is based in Champaign, Illinois, and has about 1,900 locations. It said the cards impacted were only those swiped at the stores, and not ones entered manually or online. It did not say how many cards were stolen, but said its investigation is still ongoing and it is now safe to use credit and debit cards at its locations.
On its website, the restaurant posted a listing of stores affected by the breach, spanning from Florida to California.
Jimmy John’s also said it has taken steps to tighten security by installing machines that encrypt credit card data and is “reviewing its policies and procedures for its third party vendors.”
While the statement suggested another company may have been the cause of the breach, it did not disclose the company’s name. However, cybersecurity expert Brian Krebs reported nearly two months ago that the theft of cards at Jimmy John's was caused by a cyberattack on a company called Signature Systems, which makes card readers for restaurants.
Krebs reported that banks were seeing a pattern of fraud on cards recently used at Jimmy John’s locations around the country.
Signature Systems did not immediately respond to a request for comment.
Jimmy John's is one of the several stores hacked within the last year, including Home Depot, Target, Neiman Marcus and P. F. Chang's.