September 24, 2014

Jimmy John's says 216 stores affected by breach

The Home Depot breach is the largest (known) retailer data breach of late, but it's not the only one: sandwich store chain Jimmy John's disclosed Wednesday that 216 of its stores "appear to be affected" by a breach there.

The Chicago-based chain has 1,900 locations nationwide. Reportedly, an intruder stole login credentials from the company's point-of-sale vendor and used them to remotely access point-of-sale systems at certain corporate and franchised locations between June 16 – more than three months ago – and Sept. 5.

KrebsOnSecurity reported on the company's disclosure. It noted that while Jimmy John's didn't name the vendor targeted in this breach, company officials did confirm that the vendor was Signature Systems.

Here's an excerpt from the company's disclosure: "Cards impacted by this event appear to be those swiped at the stores, and did not include those cards entered manually or online. The credit and debit card information at issue may include the card number and in some cases the cardholder's name, verification code, and/or the card's expiration date. Information entered online, such as customer address, e-mail, and password, remains secure."

NAFCU is continuing to press for action on national data security and breach notification standards for retailers. Credit unions and other financial institutions already comply with such standards, as established by the 1999 Gramm-Leach-Bliley Act.
