Jimmy John's Security Breached at 18 Michigan Stores

Jimmy John’s said Wednesday that customers’ credit and debit card data may have been breached at 18 Michigan stores – including those in Bloomfield Hills, Royal Oak, Nov and Canton – from June-September.

Nationally, about 216 stores were affected by the breach, which the company said in a statement that it learned of on July 30. It’s unclear how many customers were affected. The company said compromised data included only that obtained from card swipes at stores, and not from transactions that were entered manually or online.

The sandwich chain hired third-party forensics experts to assist in its investigation.

“While the investigation is ongoing, it appears that customers’ credit and debit card data was compromised after an intruder stole log-in credentials from Jimmy John’s point-of-sale vendor and used these stolen credentials to remotely access the point-of-sale systems at some corporate and franchised locations between June 16, 2014 and September 5, 2014,” Jimmy John’s said in the statement.

Credit and debit card information at issue may include the card number and in some cases the cardholder’s name, verification code, and/or the card’s expiration date. Information entered online, such as customer address, email, and password, remains secure, according to the company.

The company said the security breach has been contained and steps have been taken to prevent future occurrences. Among the new security measures are encrypted swipe machines and other system enhancement, and the company is also reviewing its policies and procedures with third-party vendors.

The company said it is offering identity protection services to customers who may have been affected by the breach. For more information about that, call I(855) 398-6442. In addition, customers are encouraged to monitor their credit and debit card accounts, and notify their bank if they notice any suspicious activity. The company offers additional recommendations for protecting your information here.

A full list of stores affected by the breach is available on the Jimmy John’s website. Those in Michigan include:

• 1535 E. 12 Mile Road, Madison Heights, June 16-Aug. 7
• 40846 Van Dyke, Sterling Heights, June 16-Aug. 7
• 4790 S. Hagadorn Road, East Lansing, June 16-Aug. 2
• 143 N. Harrison, Suite 100, East Lansing, June 16-July 30
• 537 W Cross St.,Ypsilanti, June 16-July 30
• 7568 E. 9 Mile Road, Warren, June 16-Aug. 13
• 31204 Beck Road, Novi, June 26-Aug. 1
• 6535 N. Canton Center Road, Canton, June 27-Aug. 13
• 1260 S. 11th St., Niles, July 1-Aug. 2
• 33177 W. 8 Mile Road, Livonia, July 1-30
• 36324 Van Dyke, Sterling Heights, July 1-Aug. 1
• 4087 W. Maple Road, Bloomfield Hills, July 1-Aug. 3
• 3220 U.S. Hwy 41 W, Marquette, July 1-Aug. 8
• 39755 Grand River Ave., Novi, July 23-Aug. 1
• 413 S. Main St., Royal Oak, July 23-Aug. 1
• 37671 Six Mile Road, B218, Livonia, July 23-Aug. 2