Cyber Incident Victim: Jason's Deli

On December 22, 2017, Jason's Deli, a Texas-based restaurant chain operating 266 locations across 28 states, was notified by payment processors that MasterCard security personnel had identified a large quantity of payment card information for sale on the dark web. Preliminary analysis indicated some data potentially originated from multiple Jason’s Deli locations. The company immediately activated its incident response plan, engaging a threat response team, forensic experts, and law enforcement agencies to investigate the potential breach. Key objectives included confirming whether a security incident occurred, determining its scope and attack methodology, and identifying any ongoing vulnerabilities or compromises. The investigation remained in early stages at the time of disclosure, with expectations that conclusive findings would require significant time due to the complexity of forensic analysis.

Jason’s Deli advised customers to monitor payment card accounts for suspicious activity and report anomalies to their financial institutions, providing dedicated contact channels including an email address and phone number. The company acknowledged the critical importance of transaction security, referencing its history of periodic security system enhancements to counter evolving threats. While no specific timeframe or impacted customer count was disclosed, the statement confirmed the potential exposure of financial data across multiple locations. Historical context noted a prior September 2010 malware incident involving the chain, though no technical details connected the two events. Response efforts involved employees working through the Christmas holiday period, with management expressing regret for potential customer inconveniences during the investigation. The company committed to implementing appropriate security improvements based on forensic findings while withholding operational specifics due to law enforcement involvement.