Menu
Credit card breach that hit Jimmy John's is larger than originally thought

Credit card breach that hit Jimmy John's is larger than originally thought

An additional 108 restaurants were also affected, said credit-card processor Signature Systems

Signature Systems says the breach of its point-of-sales system that hit 216 Jimmy John's sandwich shops is actually 50 percent larger than originally thought.

The company said Friday that an additional 108 restaurants that use its payment terminals were also hit. The additional locations are independent restaurants not part of the Jimmy John's chain.

The breach is thought to have begun on June 16 when someone began gaining access to the terminals through a user name and password that are normally used to remotely manage the devices. Companies like Signature Systems use remote management so they don't have to send a technician to each store, saving time and money but also opening the devices up to just the sort of attack that happened.

It wasn't until July 30 that the company first learned there could be a problem. It took a week for the malware to be removed from most terminals, although it wasn't completely gone from just about all until mid-September. At some restaurants, the company still hasn't verified that the malware has been removed, but says the attack has been blocked.

The malware installed was capable of stealing the cardholder's name, card number, expiration data and verification code from the magnetic stripe on the back of the card.

Cards used at the affected locations in a three-month period from mid-June were potentially at risk of being compromised. The company has posted a list of all independent restaurants and the time frames in question on its website, and there's a similar list on the Jimmy John's website.

It shows, for example, that at the Roman Delight restaurant in Southampton, Pennsylvania, the malware was present for just four days in mid-June, while at Apollo Pizza in Philadelphia, the malware was present for three months.

The bad news for consumers is that Signature Systems says it's unable to identify the specific cards that were stolen, so it doesn't know the names and addresses of potential victims. The company is asking customers who used payment cards at the restaurants to watch for fraudulent charges and notify their bank if they appear.

Martyn Williams covers mobile telecoms, Silicon Valley and general technology breaking news for The IDG News Service. Follow Martyn on Twitter at @martyn_williams. Martyn's e-mail address is martyn_williams@idg.com


Follow Us

Join the newsletter!

Error: Please check your email address.

Tags Signature Systemssecuritydata breachmalware

Featured

Slideshows

Meet the top performing HP partners in NZ

Meet the top performing HP partners in NZ

HP honoured leading partners across the channel at the Partner Awards 2017 in New Zealand, recognising excellence across the entire print and personal systems portfolio.

Meet the top performing HP partners in NZ
Tech industry comes together as Lexel celebrates turning 30

Tech industry comes together as Lexel celebrates turning 30

Leading figures within the technology industry across New Zealand came together to celebrate 30 years of success for Lexel Systems, at a milestone birthday occasion at St Matthews in the City.​

Tech industry comes together as Lexel celebrates turning 30
HP re-imagines education through Auckland event launch

HP re-imagines education through Auckland event launch

HP New Zealand held an inaugural Evolve Education event at Aotea Centre in Auckland, welcoming over 70 principals, teachers and education experts to explore ways of shaping and enhancing learning using technology.

HP re-imagines education through Auckland event launch
Show Comments