InfoSec News

Data Breach

216 Jimmy John’s Gourmet Sandwiches Shops Suffer Data Breach

By

jimmy john's

By William Knowles @c4i
Senior Editor
InfoSec News
September 24, 2014

Somewhat Freaky Fast Notification.

Champaign Illinois based Jimmy John’s Gourmet Sandwiches Shops have announced on Wednesday they were the latest business to suffer a credit card breach. Joining the ranks of Target, Neiman Marcus, Michaels, and Home Depot.

Here’s the company statement:

On July 30, 2014, Jimmy John’s learned of a possible security incident involving credit and debit card data at some of Jimmy John’s stores and franchised locations. Jimmy John’s immediately hired third-party forensic experts to assist with its investigation. While the investigation is ongoing, it appears that customers’ credit and debit card data was compromised after an intruder stole log-in credentials from Jimmy John’s point-of-sale vendor and used these stolen credentials to remotely access the point-of-sale systems at some corporate and franchised locations between June 16, 2014, and September 5, 2014. The security compromise has been contained, and customers can use their credit and debit cards securely at Jimmy John’s stores.

Approximately 216 stores appear to have been affected by this event. Cards impacted by this event appear to be those swiped at the stores and did not include those cards entered manually or online. The credit and debit card information at issue may include the card number and in some cases the cardholder’s name, verification code, and/or the card’s expiration date. Information entered online, such as customer address, e-mail, and password remains secure. The locations and dates of exposure for each affected Jimmy John’s location are listed on AFFECTED STORES & DATES.

Jimmy John’s has taken steps to prevent this type of event from occurring in the future, including installing encrypted swipe machines, implementing system enhancements, and reviewing its policies and procedures for its third-party vendors.

We apologize for any inconvenience this incident may have on our customers. Jimmy John’s values the privacy and security of its customers’ information, and is offering identity protection services to impacted customers, although Jimmy John’s does not collect its customers’ Social Security numbers. To take advantage of these services, please visit CONTACTS & INFORMATION. For more information, call (855) 398-6442. In addition, customers are encouraged to monitor their credit and debit card accounts and notify their bank if they notice any suspicious activity. Additional recommendations for protecting your information can be found at RECOMMENDATIONS.

Jimmy John’s will post information related to its ongoing investigation on the Company’s website, www.jimmyjohns.com

Matthew C. Wright via Compfight

San Diego Hotel Group Suffers Payment Card Breach

By

Full Moon over San Diego

By William Knowles @c4i
Senior Editor
InfoSec News
September 5, 2014

San Diego based Bartell Hotels has released a statement detailing a data security incident which occurred between February 16, 2014, and May 13, 2014, that may involve certain credit card data, including credit card numbers, and other personally identifiable information.

The payment card systems at the following five locations were compromised by a third party attacker.

Best Western Plus Island Palms Hotel & Marina
Humphreys Half Moon Inn & Suites
The Dana on Mission Bay
Days Hotel–Hotel Circle
Pacific Terrace Hotel

Law enforcement and the credit card brands have been notified of this incident.

Bartell Hotels encourages its guests to remain vigilant by reviewing their account statements and monitoring their credit reports for suspicious activity. Bartell Hotels also encourages its guests to notify their banks that issued their card(s) of any suspicious activity and to monitor their credit reports.

Bartell Hotels intends to provide affected individuals with credit monitoring and identity protection services through AllClear ID.

Affected consumers of the breach who have any questions, should call their privacy counsel, Kathryn Mellinger, Esquire at 215-977-4070.

Photo by Justin Brown via Compfight

Former UIC Accounting students alerted to 2002 personal security breach

By

UIC-Business

By William Knowles @c4i
Senior Editor
InfoSec News
July 11, 2014

InfoSec News has learned that notification letters have been sent last week to some former students of the University of Illinois at Chicago College of Business Administration whose personal information, including Social Security number, was recently found to have been publicly accessible on an unsecured website dating back to 2002.

Two documents were accessible: a class roster from a Special Topics in Accounting course, ACTG 594, from the spring semester of 2002; and the advising list from spring 2002 for all junior and senior accounting majors.

University staff “took immediate action to remove the files from the website and sever connections to the documents” the letter said.

The university sent the letter to every mailing address it had on file for each individual. Because the university cannot verify that it was successful in reaching all affected parties, this news release is being issued in accordance with Section 10 of the 2006 Illinois Personal Information Protection Act.

Concerned individuals may contact the Federal Trade Commission, Midwest Region, 55 W. Monroe St., Suite 1825, Chicago, IL 60603, 1-877-IDTHEFT (1-877-438-4338) TDD 1-866-653-4261.

Concerned individuals should take precautions against identity theft as suggested by the FTC on its website and may wish to exercise their right to a free annual credit report from each of the three major credit reporting companies, available online at https://www.annualcreditreport.com or by calling (877) 322-8228.