Jimmy Johns notifies customers of data breach

JACKSONVILLE, Fla. – Jimmy John's announced Wednesday afternoon there was a security breach involving credit and debit card data at hundreds of its restaurants -- two of them in Jacksonville.

The restaurant chain said it discovered the data breach on July 30. It appears that customers' credit and debit card data was compromised when an intruder stole log-in credentials from Jimmy John's point-of-sale vendor and used these stolen credentials to remotely access the payment systems at some corporate and franchised locations between June 16, 2014 and Sept. 5, 2014.

The restaurants affected in Jacksonville were the 1725 Hendricks Ave. and 11702 Beach Blvd. locations. The Gainesville restaurants at 1725 West University Ave. and 2220 SW Archer Road were also on affected. The chain says the breach was for different dates at each location, and put that information online.

Jimmy John's said it immediately hired third-party forensic experts to assist with its investigation and said the security compromise was contained. The company said customers can use their credit and debit cards securely at Jimmy John's stores.

Cards impacted were swiped at the stores and did not include those cards entered manually or online. The credit and debit card information at issue may include the card number and, in some cases, the cardholder's name, verification code and the card's expiration date.

Information entered online, such as customer address, email and password remains secure. 

Customers News4Jax spoke to said their frustrated by the latest loss of personal information.

"It's happening more and more frequently. It makes you scared to use your debit and credit cards," said Cindy Crawford. "I understand trying to investigate and trying to have their facts straight, but the sooner you let people know, they can take other measures."

Lisa Meisburg also eats at the sub shop and said she's recently found fraudulent charges on her bank statements.

"Someone spent $100 on kazoos on my credit car, and I was like, 'I did not spend $100 at Music Mart on kazoos," Meisburg said.

Jimmy John's has taken steps to prevent this type of event from occurring in the future, including installing encrypted swipe machines, implementing system enhancements, and reviewing its policies and procedures for its third party vendors.

"We apologize for any inconvenience this incident may have on our customers," Jimmy John's said in a statement.

Jimmy John's is offering identity protection services to impacted customers. To take advantage of these services, please go online or call 855-398-6442.

Customers were also encouraged to monitor their credit and debit card accounts, and notify their bank if they notice any suspicious activity.