Loading...
You are here:  Home  >  News  >  Collinsville  >  Current Article

Collinsville Jimmy John’s hit by data security breach

By   /  September 25, 2014  /  No Comments

    Print       Email

Sandwich restaurant chain Jimmy John’s announced Wednesday that credit and debit card data was compromised at approximately 216 of its stores, including the one at 501 Beltline Road in Collinsville.

Jimmy John's at 501 Beltline Road, Collinsville / Photo by Roger Starkey

Jimmy John’s at 501 Beltline Road, Collinsville / Photo by Roger Starkey

The credit and debit card information which may have been taken may include the card number and in some cases the cardholder’s name, verification code, and/or the card’s expiration date, the company said in a press release. The security breach does not include account information entered online nor did it affect credit and debit cards entered online or entered manually in the stores.

The cause of the incident was malware installed on point of sale devices in stores, most on July 1, although a small number of stores were impacted beginning June 16, the company said. The Malware was removed from most devices between Aug.3 and Aug. 5.

Customers of the Collinsville location were affected between June 26 and Aug. 1, information provided by the company indicates.

The company learned of the issue on July 30 and immediately hired a forensic investigator. Although the investigation is ongoing, it appears an intruder stole log in credentials from Jimmy John’s point-of-sale vendor and used these stolen credentials to remotely access the point-of-sale systems, Jimmy John’s said.

Encrypted swipe machines have been installed and system enhancements implemented in an attempt to prevent future incidents. The company said it also reviewing its policies and procedures for its third party vendors.

The security compromise has been contained, and customers can use their credit and debit cards securely at Jimmy John’s stores, the company said.

Every customer that used a credit or debit card at an affected location, while the location was affected, is automatically eligible for free identity protection through AllClear ID. Access to this service is automatically available with no enrollment required for the next 12 months starting Sept. 24. There is no action required. If a problem arises, customers should call 855-398-6442 and an investigator work to recover financial losses, restore credit and make sure the customer’s identity is returned to its proper condition.

A list of all affected locations can be found at https://www.jimmyjohns.com/datasecurityincident/storedates.html

    Print       Email

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.