CHAMPAIGN, Ill. -- Jimmy John's sandwich chain said Wednesday that it believes customers' credit card data was stolen from 216 of its shops between June and September.
The Champaign, Illinois-based chain said in a news release that stores in 37 states across the United States were affected. It did not say how many customers are affected.
Jimmy John's believes someone stole log-in credentials and remotely installed malware on machines used to swipe credit cards. Some customers' credit card numbers, expiration dates, verification codes and names were stolen between June 16 and Sept. 15, the company said.
The chain hired forensic investigators on July 30 to investigate a possible breach and came to the conclusion that log-in credentials from the point-of-sale systems was compromised, CBS Chicago reported.
Jimmy John's said it has taken measures to restore its security.
"Jimmy John's has taken steps to prevent this type of event from occurring in the future, including installing encrypted swipe machines, implementing system enhancements, and reviewing its policies and procedures for its third party vendors," the company said in a statement.
Jimmy John's has more than 2,000 locations.