Another retail shop has been hit with a point-of-sale information breach. Jimmy John’s, a nationwide sandwich shop operating over 1,900 stores, reports they’ve been hacked. Just like Home Depot and Target ahead of them, this one points right back to the point of sale terminal.
Jimmy John’s says they learned of the hack on July 30, which prompted them to bring in security experts to assist in the investigation. The hackers sniped credit card numbers from terminals at 216 stores spanning the entire nation. A list of affected stores is available on Jimmy Johns’ website.
Jimmy John’s notes it was only cards swiped at those stores which were affected. No other locations were found to be at-risk, and card info entered online or manually at stores were compromised.
The company has already begun taking procedures to thwart additional hacks, and have started the process of installing devices that encrypt card data at the store level. the restaurant chain will also be “reviewing its policies and procedures for its third-party vendors”.
It was a third-party vendor found to be vulnerable in the Target breach, and could be the case here. According to security website Krebs on Security, the actual point-of-sale terminal manufacturer may be the problem this time around. Signature Systems is the recommended POS for Jimmy Johns’ franchise partners, with many stores affected reporting they use that hardware.
Jimmy Johns has yet to release the reason for this breach. In the meantime, if you’ve eaten at Jimmy John’s recently and paid with a card — get a new card issued to you from your bank.
Source: Jimmy Johns