Data hackers strike Jimmy John's in Cape

Free smells apparently weren't enough for the data thieves who helped themselves to payment-card information from Jimmy John's this summer.

According to a news release posted on the company's website, Jimmy John's officials discovered a security breach July 30 and hired third-party investigators to look into it.

An intruder stole login credentials from the point-of-sale vendor and used them to access payment-card systems at more than 200 locations, including the Cape Girardeau store, the release stated.

David Keele, manager of the Jimmy John's at 1800 Broadway in Cape Girardeau, was among the customers affected by the breach.

"I've worked here for five years, and I guess it actually happened to me as well," he said. "I just had about $180 spent all throughout Georgia."

Keele said when he talked to someone at his bank about the suspicious transactions, she asked whether he had used the card at Jimmy John's. Fortunately for Keele, recovering the money was a relatively simple matter, he said. Keele said he had to sign paperwork for the bank's insurance company, and the money was back in his account in less than a week.

"It wasn't a big deal at all. It took six days for the money to go back," he said. "It was a quick, easy process."

The breach affected 216 Jimmy John's locations between June 16 and Sept. 5, the company reported. A list of stores and the dates each was affected can be found online at jimmyjohns.com/datasecurityincident/storedates.html.

Local Jimmy John's customers should keep an eye on their accounts if they used a card at the Cape Girardeau store between June 16 and Aug. 7.

Keele said the local franchise owner personally replaced the store's card readers with encrypted models that do not store information in the point-of-sale system, making them less vulnerable to data thieves.

"I know the issue here has been fixed," he said.

By Thursday afternoon, Keele said he had not heard any questions or complaints from customers.

The breach affected only cards swiped at the store and did not include card information entered manually or online, Keele said.

According to the news release, the compromised information includes card numbers, cardholder names, verification codes and card expiration dates.

Jimmy John's is offering identity protection services to affected customers. Enrollment is not necessary, but if a problem arises, customers can call 855-398-6442 to have an investigator from AllClear ID sort it out.

The company is advising customers to monitor their accounts and contact their banks if they notice any suspicious activity.

Keele said his banker told him data breaches are common.

"They said it happens all the time, actually. ... It's crazy," he said.

The Jimmy John's case is the third major data breach to affect Southeast Missouri residents in recent memory.

Last winter, Target found malware on point-of-sale systems in its American stores. The data breach occurred between Nov. 27 and Dec. 15, at the heart of the Christmas shopping season, affecting about 40 million customers.

Earlier in 2013, many local banks wound up replacing hundreds of cards after hackers got into Schnucks Markets' data systems and compromised about 2.4 million customers' information.

Data thieves have hit other companies during the past year, including Home Depot, Michaels, SuperValu, Neiman Marcus and United Parcel Service.

In August, the federal Homeland Security Department warned retailers to scan their point-of-sale systems for a piece of malicious software known as "Backoff" that could steal customers' information, The Associated Press reported.

epriddy@semissourian.com

388-3642

Pertinent address:

1800 Broadway, Cape Girardeau, MO