The Jimmy John's sandwich restaurant chain revealed that there was a possible breach in security involving all credit card and debit card data of its customers.
The potential security breach occurred from June 16 to Sept. 5 in 216 Jimmy John's branches across 37 states.
According to Jimmy John's, a hacker acquired login credentials from the vendor of the company and used it to access point-of-sale systems in some franchised and corporate locations remotely. The hacker then installed pieces of malware on the machines that are used by the stores for swiping credit cards.
Included in the information that was stolen are the names of the customers and their credit card numbers, verification codes and expiration dates. The stolen information were obtained only from the cards that were swiped at the outlets, not from those that had their information entered into the systems manually or were coded in online.
Jimmy John's said that on July 30, the company tapped forensic investigators to examine the possible breach. The investigators came to the conclusion that the hacker was able to access the point-of-sale systems through the compromised login credentials.
"Jimmy John's has taken steps to prevent this type of event from occurring in the future, including installing encrypted swipe machines, implementing system enhancements, and reviewing its policies and procedures for its third-party vendors," the company said.
Jimmy John's also said that it is offering identity protection services to customers who have had their information compromised by the security breach.
Over a dozen of the hacked stores of Jimmy John's are located in Chicago, according to the list of affected stores disclosed by the company.
In Michigan, 18 Jimmy John's stores were affected by the security breach, while in Kansas City, three were compromised.
Jimmy John's is the latest chain that has been victimized by a security breach.
Earlier in the month, Home Depot confirmed that the company was involved in a security breach that affected the company's payment data systems, similar to the breach that Jimmy John's suffered.
However, the attack on Home Depot was on a much wider scale, as the company believes that the breach possibly affected all of the Home Depot stores in North America.
The extent of the security breach has yet to be determined.
"We apologize for the frustration and anxiety this causes our customers, and I want to thank them for their patience and support as we work through this issue. We owe it to our customers to alert them that we now have enough evidence to confirm that a breach has indeed occurred," said Home Depot CEO and chairman Frank Blake.