Signature Systems Data Breach (2014)

A nationwide data breach has Jimmy John's with a fiasco on its hands. The company released a statement today saying that it became aware of the incident at the end of July. Many customers think that the place that promises "freaky fast delivery" took its time alerting them. And that left many Jimmy John's customers that with a bad taste in their mouths. For more details including the reactions of employees and customers, watch the video for the complete report. Eighteen locations were affected by the breach in Michigan including two in Sterling Heights, Novi, Livonia and East Lansing. Other stores were Madison Heights, Warren, Ypsilanti, Canton, Niles, Royal Oak, Bloomfield Hills, Marquette and Bay City. For a full list of locations and addresses, click here. An excerpt of the company's statement said: "We apologize for any inconvenience this incident may have on our customers. Jimmy John's values the privacy and security of its customers' information, and is offering identity protection services to impacted customers, although Jimmy John's does not collect its customers' Social Security numbers. To take advantage of these services, please visit Contacts & Information here. For more information, call (855) 398-6442. In addition, customers are encouraged to monitor their credit and debit card accounts, and notify their bank if they notice any suspicious activity. Additional recommendations for protecting your information can be found here. Additional info will be posted at jimmyjohns.com." ignature Systems responsible for the payment information leak at the 216 Jimmy John's sandwich stores Vendor of point-of-sale (PoS) equipment Signature Systems announced that an unauthorized person managed to infiltrate malware on its payment terminals in 324 restaurant locations across the United States. The incident impacted credit and debit cards at 216 Jimmy Johns stores and franchised locations, announced by the sandwich chain on Wednesday. Signature Systems has been blamed for compromising card data of Jimmy Johns customers, but the disclosure statement did not give any names, saying that an intruder stole log-in credentials from Jimmy Johns point-of-sale vendor. In an official statement issued on Friday, Signature Systems informed that 108 other restaurant locations using its payment terminals were affected, apart from the Jimmy Johns ones. It took three months to clear all affected systems of malware The first sign of intrusion was traced back to June 16, when an unauthorized person used Signature Systems credentials for remote access to the PoS systems in the restaurants. Once logged in, the perpetrator proceeded to install malware designed to capture payment card data from cards that were swiped through terminals in certain restaurants. The information exposed consisted of the name of the cardholder, credit and debit card number, as well as expiration date and verification code from the magnetic stripe. After receiving alerts of a possible breach on July 30 and during the ensuing week, the company cleared the malicious software from the payment terminals in most of the affected locations. Removing the malware from all machines was not possible until mid-September. In the case of Jimmy Johns, the last unauthorized access happened on September 5. Number of impacted customers is unknown The company says that it could not identify the cards impacted by the incident and it does not have names or addresses of the potentially affected customers. As such, it falls in the hands of each individual that used their card at one of the compromised locations to notice fraudulent charges and notify the bank that issued the card. A list of all affected locations and the timeframe of the compromise is provided in the disclosure announcement. In some cases, the breach lasted only a few days, but there are restaurants where even a three-month compromise period is given. Most of the locations are pizza shops, but places serving other dishes are also on the list, such as Wings to Go, Costello's Italian Ristorante, Romanellis or Austin's Bar & Grill. Signature Systems also provides details on what potentially affected customers can do in the case of fraudulent transactions on their cards.