Jimmy John’s Says Hacker Took Credit-Card Data at Stores

Jimmy John’s, a sandwich-shop chain based in Champaign, Illinois, said a hacker infiltrated payment systems at about 216 of its locations and stole credit- and debit-card information.

The incident occurred after an intruder took log-in credentials from Jimmy John’s payment-technology vendor and then accessed its point-of-sale systems between June 16 and Sept. 5, the company said today in a statement. The sandwich chain learned of the breach on July 30 and hired forensic experts to handle the investigation, which is continuing.

“The security compromise has been contained, and customers can use their credit and debit cards securely at Jimmy John’s stores,” the company said in the statement.

Jimmy John’s joins a growing list of retail and restaurant companies stricken by hackers in the past year.

Home Depot Inc. (HD), the largest home-improvement chain, said this month that a cyber attack compromised 56 million payment cards. In June, P.F. Chang’s China Bistro Inc., an Asian-themed restaurant company, said credit- and debit- card data were stolen from some of its locations.

Tina Gilman, a spokeswoman for Jimmy John’s, didn’t have an immediate comment.

Jimmy John’s statement that it learned of a potential breach at the end of July means the company waited almost two months to alert customers. That differs from the approach of Home Depot, which announced its breach on the day it discovered the incident. The Atlanta-based retailer followed up last week by giving the number of payment cards affected.

Target Corp. also suffered a high-profile breach last year, when hackers snatched 40 million payment-card numbers.

Jimmy John’s, a closely held company with more than 2,000 stores, was founded in 1983 by Jimmy John Liautaud.

The affected locations included stores in Colorado, Florida, Georgia, Illinois, Michigan and Texas.
www.mobile.businessweek.com