Jason’s Deli, a fast casual restaurant chain with locations in 28 states, has confirmed a recent data breach involving payment card information.
The chain first acknowledged the possibility of a breach in December, but recently released a statement confirming that the company’s own internal investigation revealed that criminals “deployed RAM-scraping malware on a number of our point-of-sales (POS) terminals at various corporate-owned Jason’s Deli restaurants starting on June 8, 2017.” The scraped payment card data — at least some of which appeared to be up for sale on the “dark web” — could include the following: cardholder name, credit or debit card number, expiration date, cardholder verification value, and service code.
Jason’s Deli notes that its response team “contained the security breach and has also disabled the malware in all of the locations where it was discovered,” but it gives no exact date for when the breach was contained. Considering the investigation has taken place in recent weeks, it’s possible the malware was present on affected terminals from June 8, 2017 all the way through the rest of 2017.
Many Locations Affected
The company’s statement has a full list of “potentially affected locations,” with many of them in Texas. If you’ve eaten at any of these Jason’s Deli locations during the breached time frame, double check your accounts and consider getting a recent copy of your credit report, as well.
Jason’s is also urging customers who think they were affected to contact the company’s customer service department by phone or e-mail. The company gives further details and tips for locations in each state affected in its notice of data breach.
Though they’re not new, point-of-sale terminal hacks now seem to be becoming a bigger problem, and they’re proof that a company’s cybersecurity needs extend beyond its online store. Forever 21 recently confirmed that malware was installed on many of its terminals at varying times for the greater part of 2017, and Whole Foods suffered a point-of-sale breach in 2017, as well.