Restaurant chain Noodles & Company said June 28 that a recent data security incident may have compromised the security of payment information of some guests who used debit or credit cards at certain Noodles & Company locations between January 31, 2016 and June 2, 2016.
Company officials say malware may have stolen credit or debit card information, including the cardholder’s name, card number, expiration date and CVV used at certain Noodles & Company locations between January 31, 2016 and June 2, 2016.
According to the company, more than 40 stores in Minnesota were affected. Last month, the company started investigations into what it called “unusual activity” reported to it by its credit card processor.
Noodles & Company immediately began working with third-party forensic experts to investigate these reports and to identify any signs of compromise on its computer systems. On June 2, 2016, Noodles & Company discovered suspicious activity on its computer systems that indicated a potential compromise of guests’ debit and credit card data for some debit and credit cards used at certain Noodles & Company locations.
The Company is also working to implement additional procedures to further secure guests’ debit and credit card information, including removing the malware at issue to contain this incident and to prevent any further unauthorized access to guests’ debit or credit card information.
According to the company, credit and debit cards used at the affected locations are no longer at risk from the malware involved in this incident. The company said guests can safely use their credit and debit cards at Noodles & Company locations.
Noodles & Company said it is working with the United States Secret Service to investigate the incident.
“Noodles & Company takes the security of our guests’ information extremely seriously, and we apologize for the inconvenience this incident has caused our guests,” Kevin Reddy, Chairman and Chief Executive Officer of Noodles & Company, stated.
“We continue to work with third-party forensic investigators and law enforcement officials to ensure the security of our systems on behalf of our guests,” he added.