A data breach involving customers of Jason’s Deli locations around the country, including Waco’s, may have jeopardized the personal information of up to 2 million people dating back to mid-June.
The Beaumont-based restaurant chain first reported in December that it apparently had become the victim of computer malware. Last week, the company released a list of locations possibly impacted, including Waco’s at Valley Mills and Waco drives.
A notice on the Jason’s Deli website urges customers to monitor their credit or debit card account and report any suspicious activity to the issuer of the card.
“Jason’s Deli was notified by payment processors on Dec. 22 that credit card security personnel had informed it that a large quantity of payment card information had appeared for sale on the ‘dark web,’ and that an analysis of that data indicated that at least a portion may have come from various Jason’s Deli locations,” according to the notice.
The company immediately activated its response plan and notified forensic experts and members of law enforcement, the notice states.
The company’s research revealed the scam used RAM-scraping malware at restaurants’ point-of-sale registers.
“Our investigation has determined that approximately 2 million unique payment card numbers may have been impacted,” according to the company’s notice. “Specifically, the payment card information obtained was full track data from a payment card’s magnetic stripe.”
Magnetic stripe information varies by card company and can include the cardholder’s name, card number, expiration date and service code.
Data on the strip reportedly does not include PIN numbers.
Thomas McDonald, who manages the Jason’s Deli in Waco, said he has fielded questions from customers expressing concern about the breach. Steps have been taken to remove the threat, and customers should not fear using their debit or credit cards, McDonald said.
“We have almost become a cashless society now, and technology is great. But criminals and bad guys are literally one step behind us from a technology standpoint,” said Adam Price, regional director for the Better Business Bureau.
The magnetic strip on the back of payment cards implicated in the Jason’s Deli problem “eventually will go away,” replaced by a metal chip already appearing on many cards and providing more security, Price said.
“If you go to a vendor and insert or dip the chip-bearing card, it takes several more seconds for the process to go through, but you receive an extra level of protection,” Price said. “Unfortunately, many stores have not made the equipment upgrades needed to become chip compliant.”
He said consumers need to remain vigilant in checking their monthly credit card statements, a habit that may slip their minds in a marketplace “where cashless and paperless transactions are becoming invisible.”
Jason’s Deli has grown to 266 locations in 28 states, and about 160 restaurants had their data compromised, including 71 in Texas, according to information provided by the family owned chain.