Noodles & Company is investigating a data breach at restaurants in 28 states during the first half of the year that may have put customer debit and credit card account information at risk of being stolen, the operator said late Tuesday.
Noodles & Company joins a growing list of restaurant chains that have reported data breaches in recent years, including Wendy’s, P.F. Chang’s, Elephant Bar and Landry’s.
The Broomfield, Colo.-based fast-casual chain said it began investigating unusual activity in May after receiving reports from its credit card processor. Noodles & Company hired a third-party forensic expert, and in June discovered suspicious activity on its computer systems that indicated a potential compromise of data involving cards used by customers to pay between Jan. 31 and June 2.
The company is still working to determine how the data breach occurred and what information was affected. Executives said they are also working to remove malware to prevent the incident from growing in scope. The U.S. Secret Service is assisting with the investigation.
“Noodles & Company takes the security of our guests’ information extremely seriously, and we apologize for the inconvenience this incident has caused our guests,” said Kevin Reddy, Noodles & Company chairman and CEO.
The malware may have stolen cardholder names, card numbers, expiration dates and CVV numbers. The incident did not involve Social Security numbers, since the chain never collects that information.
Credit and debit cards at the impacted locations are no longer at risk, the company said, and it’s safe to pay with cards at the chain’s restaurants.
But customers who paid by card at the chain’s restaurants during that period are urged to monitor financial statements and credit reports for suspicious activity and immediately report unauthorized charges to their card provider.
A full list of the restaurants impacted is available online. Customers can also call 888-849-1067 for more information.