Restaurant chain Jason’s Deli reports customer account compromised
Learn More
Jason's Deli, a restaurant chain with over 200 locations across the United States, has notified customers of a potential compromise of their user accounts and personal information due to credential stuffing attacks.
Credential stuffing is a type of cyber attack where attackers use stolen/leaked account credentials (usernames and passwords) from one service to gain unauthorized access to user accounts on various other websites and online services. The attack is possible if the user uses the same login details in multiple sites.
The compromised information may include:
- names,
- addresses,
- phone numbers,
- birthdays,
- preferred store locations,
- order histories,
- contact lists for group orders,
- house account numbers,
- Deli Dollars points,
- available rewards,
- truncated numbers of gift and credit cards.
Deli is still in the process of identifying all impacted users, but estimates suggest over 340,000 individuals could be affected.
Update - as of 30th January 2025, Jason’s Deli reports that their investigation determined approximately 2 million unique payment card numbers may have been impacted. The company claims that the compromised data did not include personal identification numbers or back-of-card security codes.
The company plans to restore any affected Deli Dollars account balances and emphasized that the incident was not due to a direct hack of their systems, as they do not store customer login credentials.
