JACKSONVILLE, Fla. – Jimmy John's announced Wednesday afternoon there was a security breach involving credit and debit card data at hundreds of its restaurants -- including at least three in the Central Florida area.
The restaurant chain said it discovered the data breach on July 30. It appears that customers' credit and debit card data was compromised when an intruder stole log-in credentials from Jimmy John's point-of-sale vendor and used these stolen credentials to remotely access the payment systems at some corporate and franchised locations between June 16 and Sept. 5.
Restaurants affected in Central Florida are the location on 2323 S. Orange Avenue in Orlando, 3164 E. Colonial Drive in Orlando and a third at 821 South State Road 434 in Altamonte Springs.
The chain says the breach was for different dates at each location, and put that information online.
Jimmy John's said it immediately hired third-party forensic experts to assist with its investigation and said the security compromise was contained. The company said customers can use their credit and debit cards securely at Jimmy John's stores.
Cards impacted were swiped at the stores and did not include those cards entered manually or online. The credit and debit card information at issue may include the card number and, in some cases, the cardholder's name, verification code and the card's expiration date.
Information entered online, such as customer address, email and password remains secure.
"We apologize for any inconvenience this incident may have on our customers," Jimmy John's said in a statement.
Jimmy John's is offering identity protection services to impacted customers. To take advantage of these services, go online or call 855-398-6442.
Customers were also encouraged to monitor their credit and debit card accounts, and notify their bank if they notice any suspicious activity.