Jimmy Johnâ€™s, a US-based food chain, confirmed its POS systems fell victim to a hacker who allegedly stole credit and debit card data from 261 stores, according to a press release posted on the company web site.
The intruder apparently stole log-in credentials from one of the chainâ€™s point-of-sale vendors and used them to remotely access the POS systems of other franchise locations and implant malware. The breach occurred between June 2014 and September 2014. The company said it found out about the incident a month later.
Only cards swiped at Jimmy Johnâ€™s locations were exposed. The compromised data may include the cardholder name, debit or credit card numbers, expiration date and the verification code.
Any personal information collected by the site, such as email addresses and passwords, â€œremains secure,â€ the company said. The chain also said it does not collect clientsâ€™ Social Security numbers.
The company says it is investigating the incident and has taken steps to prevent other security breaches.
Jimmy Johnâ€™s has taken steps to prevent this type of event from occurring in the future, including installing encrypted swipe machines, implementing system enhancements, and reviewing its policies and procedures for its third party vendors.
To help customers learn if theyâ€™ve been affected, the chain posted a list of restaurant locations impacted by the intrusion.