Jimmy John’s says customers’ credit, debit card data compromised in security breach

This is an archived article and the information in the article may be outdated. Please look at the time stamp on the story to see when it was last updated.

CHAMPAIGN, Ill. (September 24, 2014) – Jimmy John’s says it has learned that customers’ credit and debit card data has been compromised in a data security breach.

On July 30th Jimmy John’s learned of a possible security incident involving credit and debit card data at some of Jimmy John’s stores and franchised locations.

Jimmy John’s immediately hired third party forensic experts to assist with its investigation.

While the investigation is ongoing, it appears that customers’ credit and debit card data was compromised after an intruder stole log-in credentials from Jimmy John’s point-of-sale vendor and used these stolen credentials to remotely access the point-of-sale systems at some corporate and franchised locations between June 16, 2014 and September 5, 2014.

The security compromise has been contained, and customers can use their credit and debit cards securely at Jimmy John’s stores.

Approximately 216 stores appear to have been affected by this event.

Wisconsin locations include the following stores:

  •  STORE 0670 Oshkosh , WI 70 Wisconsin St. — 6/16/2014 – 8/1/2014
  •  STORE 0113 Milwaukee , WI 1532 West Wells St. — 6/16/2014 – 8/7/2014
  •  STORE 1123 River Falls , WI 477 Spruce St. — 6/16/2014 – 8/8/2014
  •  STORE 1411 Sheboygan , WI 2633 Calumet Ave. — 7/1/2014 – 8/1/2014
  •  STORE 0112 Portage , WI 2643 New Pinery Rd. — 7/23/2014 – 8/1/2014

Cards impacted by this event appear to be those swiped at the stores, and did not include those cards entered manually or online.

The credit and debit card information at issue may include the card number and in some cases the cardholder’s name, verification code, and/or the card’s expiration date. Information entered online, such as customer address, e-mail, and password, remains secure.

Jimmy John’s is saying this about the security breach:

“Jimmy John’s has taken steps to prevent this type of event from occurring in the future, including installing encrypted swipe machines, implementing system enhancements, and reviewing its policies and procedures for its third party vendors.

We apologize for any inconvenience this incident may have on our customers.”

Jimmy John’s is offering identity protection services to impacted customers, although Jimmy John’s does not collect its customers’ Social Security numbers.

To take advantage of these services, CLICK HERE to learn more. For more information, call (855) 398-6442.

Customers are encouraged to monitor their credit and debit card accounts, and notify their bank if they notice any suspicious activity.

Jimmy John’s will post information related to its ongoing investigation on the Company’s website, www.jimmyjohns.com.

Notice: you are using an outdated browser. Microsoft does not recommend using IE as your default browser. Some features on this website, like video and images, might not work properly. For the best experience, please upgrade your browser.