Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Breaches

340,000 Jason’s Deli Customers Potentially Impacted by Credential Stuffing Attack

Jason’s Deli says hackers targeted users in credential stuffing attacks, likely compromising their personal information.

Restaurant chain Jason’s Deli is informing customers that their user accounts and personal information might have been compromised in credential stuffing attacks.

Over the weekend, the company, which owns over 200 fast casual restaurants across the United States, began informing customers that attackers have been observed accessing user accounts using login credentials obtained from other data breaches.

“These unauthorized parties apparently used these login credentials to determine if they matched those of our reward and online accounts,” Jason’s Deli said in a notification letter to customers, a copy of which was submitted to the Maine Attorney General’s Office.

In cases where the login credentials compromised in another data breach were used for the Jason’s Deli online account as well, the attackers likely hacked the account, gaining access to the personal information that the user had shared with the company.

“That information may have included your name, address (including all saved delivery addresses), phone number, birthday, preferred Jason’s Deli location, order history, contact lists (if any – names and email addresses used for sending group orders), house account number (if any), Deli Dollars points, available redeemable amounts and banked rewards, as well as truncated gift card/credit card numbers,” the notification letter reads.

According to Jason’s Deli, the attackers might have also viewed the last four digits of users’ payment and gift card numbers, but not the entire numbers.

The company has been working on identifying the potentially impacted users, but has yet to determine the number of compromised accounts. However, it told the Maine AGO that more than 340,000 individuals might have been affected.

Jason’s Deli also informed its users that it would restore their Deli Dollars account balances, where applicable.

Advertisement. Scroll to continue reading.

“Please understand that we believe that this incident was not a result of the unauthorized party hacking into Jason’s Deli’s system in order to obtain this information, as we do not store or retain customer login credentials,” the company said in the notification letter.

Related: VF Corp Says Data Breach Resulting From Ransomware Attack Impacts 35 Million

Related: HMG Healthcare Says Data Breach Impacts 40 Facilities

Related: 4.5 Million Individuals Affected by Data Breach at HealthEC

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Gain valuable insights from industry professionals who will help guide you through the intricacies of industrial cybersecurity.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...

CISO Strategy

Okta is blaming the recent hack of its support system on an employee who logged into a personal Google account on a company-managed laptop.

Data Breaches

Sony shares information on the impact of two recent unrelated hacker attacks carried out by known ransomware groups. 

Data Breaches

A group of hackers has leaked Atlassian employee records and floorplans, information that was obtained from third-party workplace platform Envoy.

Data Breaches

Delta Dental of California says over 6.9 million individuals were impacted by a data breach caused by the MOVEit hack.

Data Breaches

KFC and Taco Bell parent company Yum Brands says personal information was compromised in a January 2023 ransomware attack.