The Jimmy John’s fast-casual sandwich chain said it has notified customers that credit card information could have been stolen from 216 stores this summer.
A forensic investigator traced the breach to the theft of log-in credentials from a POS vendor, the chain said in a statement. It did not identify the suppliers.
Using the log-ins, the hacker mined the credit card data of the 216 franchised and corporately managed units from June 16 through Sept. 5. The swiped information could include credit card numbers, expirtion dates and verification codes, Jimmy John’s said.
However, only cards used within the stores appear to have been compromised. The franchisor said that cards used for online transactions were unaffected.
Encrypted swipe machines have been installed to prevent any future breaches, and the company is reviewing the policies and procedures of its vendors.