Jimmy John's, a sandwich-shop chain based in Champaign, Ill., said a hacker infiltrated payment systems at about 216 of its locations and stole credit- and debit-card information.
A list of affected stores on Jimmy John's website included 12 locations in Minnesota, including 10 in the Twin Cities area.
The incident occurred after an intruder took login credentials from Jimmy John's payment-technology vendor and then accessed its point-of-sale systems between June 16 and Sept. 5, the company said Wednesday in a statement. The sandwich chain learned of the breach on July 30 and hired forensic experts to handle the investigation, which is continuing.
"The security compromise has been contained, and customers can use their credit and debit cards securely at Jimmy John's stores," the company said in the statement.
Jimmy John's joins a growing list of retail and restaurant companies struck by hackers in the past year. Home Depot Inc., the largest home improvement chain, said this month that a cyberattack compromised 56 million payment cards. In June, P.F. Chang's China Bistro Inc., an Asian-themed restaurant company, said credit- and debit-card data were stolen from some of its locations.
Jimmy John's statement that it learned of a potential breach at the end of July means the company waited almost two months to alert customers. That differs from the approach of Home Depot, which announced its breach on the day it discovered the incident. The Atlanta-based retailer followed up last week by giving the number of payment cards affected.
Jimmy John's declined to comment on why it took so long to disclose the attack.
"We were contacted by law enforcement and will continue to cooperate with their investigation," the company said in an e-mailed statement.
Target Corp. also suffered a high-profile breach last year, when hackers snatched 40 million payment-card numbers.
Jimmy John's, a closely held company with more than 2,000 stores, was founded in 1983 by Jimmy John Liautaud. The affected locations included stores in Colorado, Florida, Georgia, Illinois, Michigan and Texas.
Customers who used their cards at one of the 216 stores during specified dates are eligible for free identity protection from AllClear ID.
Buffalo Bills owner Terry Pegula explores selling non-controlling, minority stake in franchise
Stock market today: Tumbling tech stocks drag Wall Street to the finish line of another losing week
How major US stock indexes fared Friday, 4/19/2024
American Express, Fifth Third rise; Netflix, PPG Industries fall, Friday, 4/19/2024
![Capella Tower at 225 South Sixth St. Tuesday September 6, 2011. ] GLEN STUBBE * gstubbe@startribune.com Minneapolis skyline from the 51st floor of IDS](https://arc.stimg.co/startribunemedia/7C263DJZQTPRDEXI74SMH2M3HI.jpg?h=91&w=145&fit=crop&bg=999&crop=faces)
