As early as July 14th of this year, Brian Krebs (KrebsonSecurity.com) was reporting that the Jimmy John’s chain was investigating claims of a data-breach.
Today came the announcement that the breach was real – and that one of the payment providers used by both corporate + franchise stores, had indeed been compromised.
Krebs reports:
In a statement issued today, Champaign, Ill. based Jimmy John’s said customers’ credit and debit card data was compromised after an intruder stole login credentials from the company’s point-of-sale vendor and used these credentials to remotely access the point-of-sale systems at some corporate and franchised locations between June 16, 2014 and Sept. 5, 2014.
“Approximately 216 stores appear to have been affected by this event,” Jimmy John’s said in the statement. “Cards impacted by this event appear to be those swiped at the stores, and did not include those cards entered manually or online. The credit and debit card information at issue may include the card number and in some cases the cardholder’s name, verification code, and/or the card’s expiration date. Information entered online, such as customer address, email, and password, remains secure.”
This is far from the first Point of Sale (POS) hacking, with Target, Home Depot and Goodwill also being affected in recent months – as these POS breaches increase in number, we wonder how long before government panels start making inquiries – these breaches have the potentials to cut retail confidence to the core, and have the potential to affect the economy in a much larger way.