Jimmy John’s, a sandwich-shop chain based in Champaign, Illinois, said a hacker accessed payment systems at about 216 of its locations and stole credit-card and debit-card information.
The data breach affected a dozen stores in Indiana, including four in Indianapolis and one in Carmel, according to a list posted by the company.
The incident occurred after an intruder took log-in credentials from Jimmy John’s payment-technology vendor and then accessed its point-of-sale systems between June 16 and Sept. 5, the company said Wednesday in a written statement. The sandwich chain learned of the breach on July 30 and hired forensic experts to handle the investigation, which is continuing.
“The security compromise has been contained, and customers can use their credit and debit cards securely at Jimmy John’s stores,” the company said in the statement.
Stores affected in Indianapolis were downtown at 1 N. Meridian St. from June 16 through Aug.8; at 4914 S. Emerson Ave. from July 1 through Aug. 4; at 1437 E. 86th St. from July 1 though Aug. 1; and at 4825 E. 96th St. from July 23 through Aug. 1.
The Carmel store is at Clay Terrace shopping center, with dates from July 1 through Aug. 2. Other Indiana stores affected were in Columbus, Lafayette, Bloomington, Hobart, Evansville and Portage.
Jimmy John’s joins a growing list of retail and restaurant companies stricken by hackers in the past year. Home Depot Inc., the largest home-improvement chain, said this month that a cyber attack compromised 56 million payment cards.
Jimmy John’s, a closely held company with more than 2,000 stores, was founded in 1983 by Jimmy John Liautaud.