Another data breach, this time at the Jimmy John's sandwich shop chain. The company announced Wednesday that customer credit and debit card information was stolen from approximately 216 of its stores nationwide between June 16 and Sept. 5. Twelve of the affected stores are in Minnesota.
It's the latest in a long string of large retailers who have had their electronic payment systems hacked, and customer date stolen, over the past several months.
Jimmy John's, based in Champaign, Ill., said an intruder stole the log-in credentials from the company's point-of-sale vendor and used that information to remotely access the payment systems at the affected locations. The company said only cards swiped at stores appear to be affected; information customers entered for online transactions is safe.
The hackers could have acquired cardholder names, card numbers, expiration dates and verification codes.
Jimmy John's said it became aware of the problem July 30. The company said it removed the malicious software and will take other steps to prevent more security breaches, including installing encrypted swipe machines, implementing system enhancements, and reviewing policies and procedures for third-party vendors.
Jimmy John's said it doesn't have enough information to contact individual customers who may have been affected, but said it will offer free identity protection services.
Here's a list of the 12 Minnesota stores and dates of the breach, compiled by the Minneapolis-St. Paul Business Journal.
- Burnsville, 2001 Cliff Road E. Suite 100 (7/1/2014 - 8/1/2014)
- Detroit Lakes, 147 Veterans Memorial Parkway (7/1/2014 - 8/1/2014)
- Golden Valley, 8008 Olson Memorial Highway (7/1/2014 - 8/2/2014)
- Maple Grove, 8099 Wedgewood Lane N. (6/16/2014 - 8/8/2014)
- Minneapolis, 3001 Hennepin Ave. S. (6/17/2014 - 8/3/2014)
- Minneapolis, 1 W. Franklin Ave. (7/1/2014 - 7/15/2014)
- Roseville, 1631 County Road C (6/26/2014 - 8/1/2014)
- St. Louis Park, 5340 16th St. (6/16/2014 - 8/7/2014)
- St. Paul, 80 Snelling Ave. N. Suite. C (7/1/2014 - 8/1/2014)
- St. Paul, 2127 Old Hudson Road (7/1/2014 - 8/3/2014)
- White Bear Lake, 1048 Meadowlands Drive (7/1/2014 - 8/1/2014)
- Wilmar, 1017 1st Street (7/1/2014 - 8/1/2014)
Other major retailers including Target, Home Depot, Cub Foods and Dairy Queen have announced similar data breaches that have affected millions of customers nationwide. Jimmy John's did not say whether its attackers used the same type of malware to steal the credit card information.