U.S. sandwich restaurant chain Jimmy John’s reported last week of a possible theft of its customers’ credit and debit card information at 216 of its stores and franchised locations.
“The credit and debit card information at issue may include the card number and in some cases the cardholder’s name, verification code, and/or the card’s expiration date. Information entered online, such as customer address, e-mail, and password, remains secure,” informed a statement published online. “The locations and dates of exposure for each affected Jimmy John’s location are listed on affected stores and dates.”
However, cards that had been swiped at the stores seem to be affected, and not the ones that were entered manually or online.
Third party forensic experts have been hired to help with the investigation. The breach took place between June 16, 2014 and September 5, 2014, when a miscreant manages to steal log-in credentials from Jimmy John’s point-of-sale vendor and it to remotely access the point-of-sale systems at the outlets.
According to online security blogger, Brian Krebs, who first broke the news in July, “Point-of-sale vendors remain an attractive target for cyber thieves, perhaps because so many of these vendors enable remote administration on their hardware and yet secure those systems with little more than a username and password — and often easy-to-guess credentials to boot.”
The restaurant chain came to know of this on the 30th of July, and they now claim that the security compromise has been contained. Customers can use their credit and debit cards securely at Jimmy John’s stores, reports the statement.
Read more here.
(Image Source: Matthew C.Wright)
