Jason’s Deli released a warning to customers last week that data from as many as 2 million payment cards may have been compromised in a point-of-sale system breach that began on June 8 and may have continued through much of December.
Customers in 15 states — including those in Columbia, Charleston, Greenville and Spartanburg in South Carolina — have been affected. Jason’s Deli said payment card processors found card data linked to about 164 of the chain’s 264 locations for sale on the dark web and alerted the company on Dec. 22.
The data obtained was full track data from the payment card’s magnetic stripe and can vary from card user to card user but can include the following: cardholder name, credit or debit card number, expiration date, cardholder verification value and service code. According to the company, the compromised data did not include personal identification numbers (PINS) or back-of-card security codes.
Investigators are learning more about how the breach occurred and are working with third-party forensics and cyber security firms, as well as law enforcement, to investigate and contain the breach.
In addition to the four locations in South Carolina, breaches occurred at Jason’s Deli locations in Alabama, Arizona, Florida, Georgia, Illinois, Louisiana, Maryland, North Carolina, Nevada, Pennsylvania, Tennessee, Texas, Virginia and Wisconsin.
Jason’s Deli is the latest restaurant brand to become a target of hackers.
In 2017, Pizza Hut, Sonic, Arby’s, Chipotle Mexican Grill and Shoney’s all reported data security incidents.
For more information, see www.jasonsdeli.com/data-breach