Customers of the popular delicatessen, Jason’s Deli, recently fell victim to a mass criminal heist that left their credit card information for sale on the Dark Web.
On January 11, Jason’s acknowledged that they had experienced a data breach targeting its point-of-sale terminals. This breach began in June 2017, and likely continued through the end of the year. During this time, as many as 2 million payment cards could have been compromised in at least 164 of the company’s 275 locations across 28 states.
The perpetrators of the breach obtained victims’ information by deploying a RAM-scraping malware on the point-of-sale terminals. This malware captured data by reading payment card’s magnetic stripe, including cardholder name, credit or debit card number, expiration date, cardholder verification value, and service code. Ultimately, MasterCard security personnel discovered a large quantity of payment card information, originating from Jason’s Deli, for sale on the Dark Web.
“The investigation is in its early stages and, as is typical in such situations, we expect it will take some time to determine exactly what happened. Jason’s Deli will provide as much information as possible as the inquiry progresses, bearing in mind that security and law enforcement considerations may limit the amount of detail we can provide,” the company said in a statement regarding customer financial data.