Jimmy John's is the latest company hit with Point-Of-Sale(POS) information breach.
The Illinois based sandwich shop said it learned of the hack on July 30 and immediately hired security experts to help with the investigation.
In July, Brian Krebs reported that multiple financial institutions were seeing fraud on cards that had all recently been used at Jimmy John's locations. He also reported that the stores are using pos systems made by a third party vendor Signature Systems Inc. At the time, the breach was not confirmed. After nearly two months, the company confirmed it.
According to the company's statement, hackers stole log-in credentials from its POS vendor and used them to gain access to Jimmy John's POS systems.
The Signature Systems also confirmed the breach that attackers gained access to user name and password that they used to remotely access the POS systems.
The attackers then installed a malware which is designed to capture payment card data from cards that were swiped through terminals.
The information including card number, verification code, expiration date and card holder's name are at risk. The company says the information entered online such as email ids,passwords are not affected.
The incident affected approximately 216 Jimmy John's stores.