POS Systems at Jimmy John’s and 108 Other Restaurants Affected by Malware Breach

In a saga that seems to have no end, the sandwich restaurant chain Jimmy John’s is the most recent company to acknowledge a major point-of-sale system breach.

It’s a refrain that anyone who’s been following the POS breaches knows by heart: malware was once again used to steal customer credit card data, including card numbers, cardholder names, expiration dates and verification codes.

At least 216 of Jimmy John’s locations were affected, between June 16, 2014 and Sept. 5, 2014. The malware appears to have been installed on the company’s POS devices on July 1, 2014, and the bulk of it was discovered and removed between Aug. 3 and Aug. 5, 2014.

Jimmy John’s says that it doesn’t have access to the information that would allow them to contact affected customers, but customer can view a list of affected stores with dates of exposure online.

“Jimmy John’s has taken steps to prevent this type of event from occurring in the future,” the company said in a statement, “including installing encrypted swipe machines, implementing system enhancements, and reviewing its policies and procedures for its third party vendors.”

Unfortunately, this particular breach doesn’t end with Jimmy John’s. A total of 108 independent restaurant locations running POS equipment provided by Signature Systems have been affected as well, according to a statement released by the POS provider. POS systems allow retailers and restaurants to review daily sales reports and retain customer information. It’s the second feature that hackers are taking advantage of.

A full list of the affected restaurants can be viewed at http://www.pdqpos.com/notice.html.

“We have determined that an unauthorized person gained access to a user name and password that Signature Systems used to remotely access PoS systems,” Signature Systems announced in a statement. “The unauthorized person used that access to install malware designed to capture payment card data from cards that were swiped through terminals in certain restaurants.”

This statement echoes many statements released by companies in the last year. The U.S. Department of Homeland Security issued a warning last month that over 1,000 American businesses had been affected by the infamous Backoff POS malware alone.

Consumers are advised to watch for any unusual charges on their accounts, and retailers are advised to upgrade and secure their POS systems.

Leave a Reply