Menu
Credit card breach that hit Jimmy John's is larger than originally thought

Credit card breach that hit Jimmy John's is larger than originally thought

An additional 108 restaurants were also affected, said credit-card processor Signature Systems

Signature Systems says the breach of its point-of-sales system that hit 216 Jimmy John's sandwich shops is actually 50 percent larger than originally thought.

The company said Friday that an additional 108 restaurants that use its payment terminals were also hit. The additional locations are independent restaurants not part of the Jimmy John's chain.

The breach is thought to have begun on June 16 when someone began gaining access to the terminals through a user name and password that are normally used to remotely manage the devices. Companies like Signature Systems use remote management so they don't have to send a technician to each store, saving time and money but also opening the devices up to just the sort of attack that happened.

It wasn't until July 30 that the company first learned there could be a problem. It took a week for the malware to be removed from most terminals, although it wasn't completely gone from just about all until mid-September. At some restaurants, the company still hasn't verified that the malware has been removed, but says the attack has been blocked.

The malware installed was capable of stealing the cardholder's name, card number, expiration data and verification code from the magnetic stripe on the back of the card.

Cards used at the affected locations in a three-month period from mid-June were potentially at risk of being compromised. The company has posted a list of all independent restaurants and the time frames in question on its website, and there's a similar list on the Jimmy John's website.

It shows, for example, that at the Roman Delight restaurant in Southampton, Pennsylvania, the malware was present for just four days in mid-June, while at Apollo Pizza in Philadelphia, the malware was present for three months.

The bad news for consumers is that Signature Systems says it's unable to identify the specific cards that were stolen, so it doesn't know the names and addresses of potential victims. The company is asking customers who used payment cards at the restaurants to watch for fraudulent charges and notify their bank if they appear.

Martyn Williams covers mobile telecoms, Silicon Valley and general technology breaking news for The IDG News Service. Follow Martyn on Twitter at @martyn_williams. Martyn's e-mail address is martyn_williams@idg.com

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Tags Signature Systemssecuritydata breachmalware

Featured

Slideshows

Arrow exclusively introduces Tenable Network Security to A/NZ channel

Arrow exclusively introduces Tenable Network Security to A/NZ channel

Arrow Electronics introduced Tenable Network Security to local resellers in Sydney last week, officially launching the distributor's latest security partnership across Australia and New Zealand. Representing the first direct distribution agreement locally for Tenable specifically, the deal sees Arrow deliver security solutions directly to mid-market and enterprise channel partners on both sides of the Tasman.

Arrow exclusively introduces Tenable Network Security to A/NZ channel
Examining the changing job scene in the Kiwi channel

Examining the changing job scene in the Kiwi channel

Typically, the New Year brings new opportunities for personnel within the Kiwi channel. 2017 started no differently, with a host of appointments, departures and reshuffles across vendor, distributor and reseller businesses. As a result, the job scene across New Zealand has changed - here’s a run down of who is working where in the year ahead…

Examining the changing job scene in the Kiwi channel
​What are the top 10 tech trends for New Zealand in 2017?

​What are the top 10 tech trends for New Zealand in 2017?

Digital Transformation (DX) has been a critical topic for business over the last few years and IDC is now predicting a step change as DX reaches macroeconomic levels. By 2020 a DX economy will emerge and it will become the core of what New Zealand industries focus on. From the board level through to the C-Suite, Kiwi organisations must be prepared to think and act digital when the DX economy emerges in 2017.

​What are the top 10 tech trends for New Zealand in 2017?
Show Comments