Jason's Deli: Difference between revisions
added Jason Deli incident, tho incomplete but mostly done |
| (3 intermediate revisions by the same user not shown) | |||
| Line 8: | Line 8: | ||
}} | }} | ||
Founded in 1976, '''{{Wplink|Jason's Deli|Jason's Deli}}''' is an American chain of fast casual restaurants | Founded in 1976, '''{{Wplink|Jason's Deli|Jason's Deli}}''' is an American chain of fast casual restaurants. | ||
==Consumer-impact summary== | ==Consumer-impact summary== | ||
| Line 18: | Line 18: | ||
==Incidents== | ==Incidents== | ||
This is a list of all consumer-protection incidents this company is involved in. Any incidents not mentioned here can be found in the [[:Category:Jason's Deli|Jason's Deli category]]. | This is a list of all consumer-protection incidents this company is involved in. Any incidents not mentioned here can be found in the [[:Category:Jason's Deli|Jason's Deli category]]. | ||
===Computer virus (''2010'')=== | |||
=== Computer virus (''2010'') === | |||
Around 22 August in Memphis, Tennessee, Jason's Deli received complaints from customers claiming to experience financial fraud after making credit card purchases.<ref>{{Cite web |last=Callahan |first=Jody |date=31 August 2010 |title=Hundreds of ID thefts at Jason's Deli linked to computer virus, Secret Service says |url=http://www.commercialappeal.com/news/2010/aug/31/many-300-id-thefts-jasons-deli-linked-computer-vir/ |url-status=dead |archive-url=https://web.archive.org/web/20101109145905/http://www.commercialappeal.com/news/2010/aug/31/many-300-id-thefts-jasons-deli-linked-computer-vir/ |archive-date=9 November 2010 |access-date=2 May 2026 |website=The Commercial Appeal}}</ref><ref>{{Cite web |last=Kenney |first=Nick |date=24 August 2010 |title=Secret Service investigates Jason's Deli identity thefts |url=https://www.actionnews5.com/story/13030647/secret-service-investigates-jasons-deli-identity-thefts/ |url-status=live |access-date=2 May 2026 |website=Action 5 News}}</ref><ref>{{Cite web |last=Brown |first=Lori |date=22 August 2010 |title=String of identity thefts linked to East Memphis Jason's Deli |url=https://www.actionnews5.com/story/13023532/string-of-identity-thefts-linked-to-east-memphis-jasons-deli/ |url-status=live |access-date=2 March 2026 |website=Action 5 News}}</ref> Two days later United States Secret Service got involved and started investigation the attack, later pinpointing the attack originated from Russia using an unknown variation of an older type of malware affecting around 300 customers.<ref>{{Cite web |last=Broach |first=Janice |date=1 September 2010 |title=Secret Service: Computer virus to blame for Jason's Deli thefts |url=https://www.actionnews5.com/story/13076367/secret-service-computer-virus-to-blame-for-jasons-deli-thefts/ |url-status=live |access-date=2 May 2026 |website=Action News 5}}</ref><ref>{{Cite web |date=4 September 2010 |title=Malware used in Jason’s Deli showing up elsewhere 
|url=https://databreaches.net/2010/09/04/malware-used-in-jasons-deli-showing-up-elsewhere/ |url-status=live |archive-url=https://web.archive.org/web/20240712114929/https://databreaches.net/2010/09/04/malware-used-in-jasons-deli-showing-up-elsewhere/ |archive-date=12 July 2024 |access-date=2 May 2026 |website=Databreaches.net}}</ref><ref>{{Cite web |date=8 September 2010 |title=Several ID Thefts At Jason Deli’s Linked To Computer Virus |url=https://www.spamfighter.com/News-15068-Several-ID-Thefts-At-Jason-Delis-Linked-To-Computer-Virus.htm |url-status=live |access-date=2 May 2026 |website=Spamfighter.com}}</ref> | Around 22 August in Memphis, Tennessee, Jason's Deli received complaints from customers claiming to experience financial fraud after making credit card purchases.<ref>{{Cite web |last=Callahan |first=Jody |date=31 August 2010 |title=Hundreds of ID thefts at Jason's Deli linked to computer virus, Secret Service says |url=http://www.commercialappeal.com/news/2010/aug/31/many-300-id-thefts-jasons-deli-linked-computer-vir/ |url-status=dead |archive-url=https://web.archive.org/web/20101109145905/http://www.commercialappeal.com/news/2010/aug/31/many-300-id-thefts-jasons-deli-linked-computer-vir/ |archive-date=9 November 2010 |access-date=2 May 2026 |website=The Commercial Appeal}}</ref><ref>{{Cite web |last=Kenney |first=Nick |date=24 August 2010 |title=Secret Service investigates Jason's Deli identity thefts |url=https://www.actionnews5.com/story/13030647/secret-service-investigates-jasons-deli-identity-thefts/ |url-status=live |access-date=2 May 2026 |website=Action 5 News}}</ref><ref>{{Cite web |last=Brown |first=Lori |date=22 August 2010 |title=String of identity thefts linked to East Memphis Jason's Deli |url=https://www.actionnews5.com/story/13023532/string-of-identity-thefts-linked-to-east-memphis-jasons-deli/ |url-status=live |access-date=2 March 2026 |website=Action 5 News}}</ref> Two days later United States Secret Service got involved and started 
investigation the attack, later pinpointing the attack originated from Russia using an unknown variation of an older type of malware affecting around 300 customers.<ref>{{Cite web |last=Broach |first=Janice |date=1 September 2010 |title=Secret Service: Computer virus to blame for Jason's Deli thefts |url=https://www.actionnews5.com/story/13076367/secret-service-computer-virus-to-blame-for-jasons-deli-thefts/ |url-status=live |access-date=2 May 2026 |website=Action News 5}}</ref><ref>{{Cite web |date=4 September 2010 |title=Malware used in Jason’s Deli showing up elsewhere |url=https://databreaches.net/2010/09/04/malware-used-in-jasons-deli-showing-up-elsewhere/ |url-status=live |archive-url=https://web.archive.org/web/20240712114929/https://databreaches.net/2010/09/04/malware-used-in-jasons-deli-showing-up-elsewhere/ |archive-date=12 July 2024 |access-date=2 May 2026 |website=Databreaches.net}}</ref><ref>{{Cite web |date=8 September 2010 |title=Several ID Thefts At Jason Deli’s Linked To Computer Virus |url=https://www.spamfighter.com/News-15068-Several-ID-Thefts-At-Jason-Delis-Linked-To-Computer-Virus.htm |url-status=live |access-date=2 May 2026 |website=Spamfighter.com}}</ref> | ||
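Review bot: In the 2010 "Computer virus" paragraph, the sentence "Two days later United States Secret Service got involved and started investigation the attack" is ungrammatical; suggest "Two days later the United States Secret Service got involved and started investigating the attack". The rest of that sentence runs the origin, the malware and the customer count together ("originated from Russia using an unknown variation of an older type of malware affecting around 300 customers"), so it reads as if the malware variant, not the incident, affected 300 customers; splitting it into two sentences would fix that. In the citations, the three actionnews5.com references are labelled both "Action 5 News" and "Action News 5", and the Brown reference has access-date 2 March 2026 where the others have 2 May 2026; pick one website name and check that date.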
| Line 25: | Line 24: | ||
Jason's Deli was notified of the breach on 22 December 2017 after being informed by payment processors that several customers financial information was being sold on the dark web, leading to a statement 6 days later announcing the breach and undergoing an investigation.<ref>{{Cite web |last=Krebs |first=Brian |date=28 December 2017 |title=4 Years After Target, the Little Guy is the Target |url=https://krebsonsecurity.com/2017/12/4-years-after-target-the-little-guy-is-the-target/ |url-status=live |archive-url=https://web.archive.org/web/20171228155612/https://krebsonsecurity.com/2017/12/4-years-after-target-the-little-guy-is-the-target/ |archive-date=28 December 2017 |access-date=2 May 2026 |website=Krebsonsecurity}}</ref>'''<ref>{{Cite web |date=29 December 2017 |title=Jason’s Deli reveals possible data breach, spokesperson says area locations not believed to be affected |url=https://www.wbbjtv.com/2017/12/29/jasons-deli-reveals-possible-data-breach-spokesperson-says-area-locations-not-believed-affected/ |url-status=live |access-date=2 May 2026 |website=WBBJ}}</ref>'''<ref>{{Cite web |date=2 May 2026 |title=Statement Of Jason's Deli Regarding Customer Financial Data |url=https://itsyourcreditreport.com/wp-content/uploads/2018/01/2018.01.11-Jasons-Deli-Statement-Data-Breach-1.pdf |url-status=live |archive-url=https://web.archive.org/web/20240622234601/https://itsyourcreditreport.com/wp-content/uploads/2018/01/2018.01.11-Jasons-Deli-Statement-Data-Breach-1.pdf |archive-date=22 June 2024 |access-date=2 May 2026 |website=itsyourcreditreport.com}}</ref> Between statements released on 11 January and 18 May 2018,<ref>{{Cite web |date=11 January 2018 |title=Notice of a Data Security Breach |url=https://dn721809.ca.archive.org/0/items/cadoj_sb24-132606_deli-management--inc---d-b-a-jason-s-deli--inc--/California%20OAG%20-%20Notice%20of%20a%20Data%20Security%20Breach%20dated%201-11-2018_0.pdf |url-status=live |archive-url= |archive-date= |access-date=2 May 2026 
|website=Wayback Machine}}</ref><ref>{{Cite web |date=18 May 2018 |title=NOTICE OF DATA BREACH |url=https://consumer.sc.gov/sites/consumer/files/Documents/Security%20Breach%20Notices/Deli%20Management%2C%20Inc.%20dba%20Jasons%20Deli%2C%20Inc.%2011%20Jan%2018%20-%20Consumer%20Notice.pdf |url-status=live |archive-url=https://web.archive.org/web/20250803210719/https://consumer.sc.gov/sites/consumer/files/Documents/Security%20Breach%20Notices/Deli%20Management%2C%20Inc.%20dba%20Jasons%20Deli%2C%20Inc.%2011%20Jan%2018%20-%20Consumer%20Notice.pdf |archive-date=3 August 2025 |access-date=2 May 2026 |website=consumersc.gov}}</ref><ref>{{Cite web |date=11 January 2018 |title=Notice Of Data Breach |url=https://www.jasonsdeli.com/data-breach |url-status=dead |archive-url=https://web.archive.org/web/20180112221012/https://www.jasonsdeli.com/data-breach |archive-date=12 January 2018 |access-date=2 May 2026 |website=Jason's Deli}}</ref> the company announced that the unknown attackers infiltrated Jason's Deli's '''[[wikipedia:Point_of_sale|point of sale systems]]''' affecting around 3.4 million customers using RAM-scraping malware across 164 locations starting 8 June through 29 December 2017.<ref>{{Cite web |last=Schwartz |first=Mathew |date=19 January 2018 |title=Jason's Deli: Hackers Dine Out on 2 Million Payment Cards |url=https://www.bankinfosecurity.com/blogs/jasons-deli-hackers-dine-out-on-2-million-payment-cards-p-2584 |url-status=live |access-date=2 May 2026 |website=bankinfosecurity}}</ref><ref>{{Cite web |last=Klein |first=Danny |date=15 January 2018 |title=Jason’s Deli: Data Breach Could Affect 2 Million Cards |url=https://www.qsrmagazine.com/news/jasons-deli-data-breach-could-affect-2-million-cards/ |url-status=live |access-date=2 May 2026 |website=QSR Magazine}}</ref> | Jason's Deli was notified of the breach on 22 December 2017 after being informed by payment processors that several customers financial information was being sold on the dark web, leading to a 
statement 6 days later announcing the breach and undergoing an investigation.<ref>{{Cite web |last=Krebs |first=Brian |date=28 December 2017 |title=4 Years After Target, the Little Guy is the Target |url=https://krebsonsecurity.com/2017/12/4-years-after-target-the-little-guy-is-the-target/ |url-status=live |archive-url=https://web.archive.org/web/20171228155612/https://krebsonsecurity.com/2017/12/4-years-after-target-the-little-guy-is-the-target/ |archive-date=28 December 2017 |access-date=2 May 2026 |website=Krebsonsecurity}}</ref>'''<ref>{{Cite web |date=29 December 2017 |title=Jason’s Deli reveals possible data breach, spokesperson says area locations not believed to be affected |url=https://www.wbbjtv.com/2017/12/29/jasons-deli-reveals-possible-data-breach-spokesperson-says-area-locations-not-believed-affected/ |url-status=live |access-date=2 May 2026 |website=WBBJ}}</ref>'''<ref>{{Cite web |date=2 May 2026 |title=Statement Of Jason's Deli Regarding Customer Financial Data |url=https://itsyourcreditreport.com/wp-content/uploads/2018/01/2018.01.11-Jasons-Deli-Statement-Data-Breach-1.pdf |url-status=live |archive-url=https://web.archive.org/web/20240622234601/https://itsyourcreditreport.com/wp-content/uploads/2018/01/2018.01.11-Jasons-Deli-Statement-Data-Breach-1.pdf |archive-date=22 June 2024 |access-date=2 May 2026 |website=itsyourcreditreport.com}}</ref> Between statements released on 11 January and 18 May 2018,<ref>{{Cite web |date=11 January 2018 |title=Notice of a Data Security Breach |url=https://dn721809.ca.archive.org/0/items/cadoj_sb24-132606_deli-management--inc---d-b-a-jason-s-deli--inc--/California%20OAG%20-%20Notice%20of%20a%20Data%20Security%20Breach%20dated%201-11-2018_0.pdf |url-status=live |archive-url= |archive-date= |access-date=2 May 2026 |website=Wayback Machine}}</ref><ref>{{Cite web |date=18 May 2018 |title=NOTICE OF DATA BREACH 
|url=https://consumer.sc.gov/sites/consumer/files/Documents/Security%20Breach%20Notices/Deli%20Management%2C%20Inc.%20dba%20Jasons%20Deli%2C%20Inc.%2011%20Jan%2018%20-%20Consumer%20Notice.pdf |url-status=live |archive-url=https://web.archive.org/web/20250803210719/https://consumer.sc.gov/sites/consumer/files/Documents/Security%20Breach%20Notices/Deli%20Management%2C%20Inc.%20dba%20Jasons%20Deli%2C%20Inc.%2011%20Jan%2018%20-%20Consumer%20Notice.pdf |archive-date=3 August 2025 |access-date=2 May 2026 |website=consumersc.gov}}</ref><ref>{{Cite web |date=11 January 2018 |title=Notice Of Data Breach |url=https://www.jasonsdeli.com/data-breach |url-status=dead |archive-url=https://web.archive.org/web/20180112221012/https://www.jasonsdeli.com/data-breach |archive-date=12 January 2018 |access-date=2 May 2026 |website=Jason's Deli}}</ref> the company announced that the unknown attackers infiltrated Jason's Deli's '''[[wikipedia:Point_of_sale|point of sale systems]]''' affecting around 3.4 million customers using RAM-scraping malware across 164 locations starting 8 June through 29 December 2017.<ref>{{Cite web |last=Schwartz |first=Mathew |date=19 January 2018 |title=Jason's Deli: Hackers Dine Out on 2 Million Payment Cards |url=https://www.bankinfosecurity.com/blogs/jasons-deli-hackers-dine-out-on-2-million-payment-cards-p-2584 |url-status=live |access-date=2 May 2026 |website=bankinfosecurity}}</ref><ref>{{Cite web |last=Klein |first=Danny |date=15 January 2018 |title=Jason’s Deli: Data Breach Could Affect 2 Million Cards |url=https://www.qsrmagazine.com/news/jasons-deli-data-breach-could-affect-2-million-cards/ |url-status=live |access-date=2 May 2026 |website=QSR Magazine}}</ref> | ||
=== Credential surfing attack (''2024'') === | ===Credential surfing attack (''2024'')=== | ||
On 21 December 2023, Jason's Deli discovered unknown hackers had obtained account login credentials using previous data breaches that contained a users name, address, phone number, birthday, preferred Jason's locations, Deli Dollar points, [[wikipedia:PAN_truncation|truncated credit card and gift card numbers]].<ref name=":0">{{Cite web |last=Zurier |first=Steve |date=24 January 2024 |title=Over 340,000 Jason’s Deli customers potentially impacted in credential-stuffing attack |url=https://www.scworld.com/news/over-340000-jasons-deli-customers-potentially-impacted-in-credential-stuffing-attack |url-status=live |access-date=3 May 2026 |website=SCworld}}</ref><ref name=":1">{{Cite web |last=Langley |first=Mitchell |date=24 January 2024 |title=Jason’s Deli Breach Exposes Data of Over 350K Users in Credential Stuffing Attack |url=https://dailysecurityreview.com/security-spotlight/jasons-deli-breach/ |url-status=live |access-date=3 May 2026 |website=Daily Security Review}}</ref> The company would sent a notice letter to affected users on 19 January 2024, <ref>{{Cite web |date=2 March 2026 |title=Notice of Data Breach |url=https://consumer.sc.gov/sites/consumer/files/Documents/Security%20Breach%20Notices/Jason%27s%20Deli-%20Consumer%20Notice.pdf |url-status=live |archive-url=https://web.archive.org/web/20240202173816/https://consumer.sc.gov/sites/consumer/files/Documents/Security%20Breach%20Notices/Jason's%20Deli-%20Consumer%20Notice.pdf |archive-date=2 February 2024 |access-date=2 May 2026 |website=consumer.sc.gov}}</ref>with the Office of the Maine Attorney General declaring approximately 344,000 people have been affected.<ref name=":0" /><ref name=":1" /> Five days later, Jason's Deli was faced a class action lawsuit over its failure to safeguard and secure users personal information, however it was voluntarily dismissed by plaintiff Kristen Walker 2 months later on 19 March.<ref>{{Cite web |last=Mehorter |first=Kelly |date=31 January 2024 |title=Jason’s Deli Facing 
Class Action Over 2023 Data Breach Affecting 344K Customers |url=https://www.classaction.org/news/jasons-deli-facing-class-action-over-2023-data-breach-affecting-344k-customers |url-status=live |access-date=3 May 2026 |website=ClassAction}}</ref><ref>{{Cite web |date=1 May 2026 |title=Walker v. Deli Management, Inc. d/b/a Jason's Deli |url=https://www.pacermonitor.com/public/case/52105805/Walker_v_Deli_Management,_Inc_dba_Jasons_Deli |url-status=live |access-date=3 May 2026 |website=Pacermonitor}}</ref> | |||
==See also== | ==See also== | ||
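Review bot: The new section heading "Credential surfing attack" does not match its own sources, whose titles say "credential-stuffing attack" and "Credential Stuffing Attack"; suggest renaming the section to "Credential stuffing attack". The heading year is 2024 while the paragraph dates the discovery to 21 December 2023 and the cited ClassAction title calls it a "2023 Data Breach", so say which event the year refers to. In the body, "would sent a notice letter" and "was faced a class action lawsuit" need correcting to "sent" and "faced", "a users name" and "users personal information" are missing apostrophes, and the reference after "19 January 2024," has a stray space before it and none after it. The cited titles give 340,000 and 350K beside the 344,000 in the text, which deserves a word of explanation. In the unchanged 2017 paragraph in this same hunk, the text says around 3.4 million customers while both cited titles say 2 million cards; that figure should be checked against the sources.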