[NewsPoster]

Sandwich chain Jimmy John's has reported a security breach, exposing information from customers of 216 locations. According to the chain, the company discovered at the end of July that an unknown assailant stole credentials from a vendor, and accessed the point-of-sale system. This action installed data-collecting malware at some locations between June 16 and September 5 of this year, with most infestations cleared out before the middle of August. The company reports that the security problem has been addressed, and it is once again safe to use credit cards at all stores.

Jimmy John's representatives have claimed that "cards impacted by this event appear to be those swiped at the stores, and did not include those cards entered manually or online." Forensic investigators and law enforcement has been consulted on the matter.

The company notes that stolen information may contain card number, cardholder's name, verification code, and the card's expiration date. The company claims that it doesn't have a sufficient quantity of information to directly contact those affected by the theft, nor has it publicized how many customers are at risk. It is unknown if the malware is the same strain as those found at Target or Home Depot in recent high-profile data thefts involving millions of customers.

[gprovida]

Let's see, they think it happened over 4 months and their systems are now clean, BUT

1. They have not told their customers until today sort of
2. They are unable to ID who their customers were, but criminals can?
3. There appears to be NO legal requirement to let people know ASAP

So ID theft is trivial and everyone gets a new card.

Oh by the way, I don't think they are on the list of Apple Pay companies, I guess it cost too much money, especially when there is no real down side except some brief bad publicity lost in the sea of Merchants getting hacked on a grand scale.

One can almost sympathesize with the criminals. They have so much data managing it is a big problem.