Unauthorized activity on credit cards recently used at Jimmy John’s locations has led the sandwich chain to work with authorities on an investigation of a potential data breach.
KrebsOnSecurity.com first reported on the issue Thursday, stating the chain “did not return calls seeking comment for two days” (not Freaky Fast) before issuing an email statement that it is “investigating the situation” and will provide an update “as soon as we have additional information.”
Financial institutions contacted by KrebsOnSecurity.com witnessed “card-present” fraud that allowed criminals to create copies of credit cards.
Beyond ATM skimmers, the most prevalent sources of card-present fraud are payment terminals in retail stores that have been compromised by malicious software. This was the case with mass compromises at previous nationwide retailers including Target, Neiman Marcus, Michaels, White Lodging, P.F. Chang’s, Sally Beauty and Goodwill Industries.
Jimmy John’s has more than 1,900 stores across the United States.