DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Noodles and Company confirms payment card breach

Posted on June 29, 2016 by Dissent

Brian Krebs first broke the story in May that casual food chain Noodles and Company had likely had a payment card breach. Now the company has confirmed it:


Press Release

Noodles & Company Provides Notice of Data Security Incident

Broomfield, Colorado, June 28, 2016 – Noodles & Company (NASDAQ: NDLS) today announced that a recent data security incident may have compromised the security of payment information of some guests who used debit or credit cards at certain Noodles & Company locations between January 31, 2016 and June 2, 2016. Credit and debit cards used at the affected locations are no longer at risk from the malware involved in this incident.

What Happened? On May 17, 2016, Noodles & Company began investigating unusual activity its credit card processor reported to the Company. Noodles & Company immediately began working with third-party forensic experts to investigate these reports and to identify any signs of compromise on its computer systems. On June 2, 2016, Noodles & Company discovered suspicious activity on its computer systems that indicated a potential compromise of guests’ debit and credit card data for some debit and credit cards used at certain Noodles & Company locations.

Since that time, Noodles & Company has been working with third-party forensic investigators to determine how the security compromise occurred and what information was affected. The Company is also working to implement additional procedures to further secure guests’ debit and credit card information, including removing the malware at issue to contain this incident and to prevent any further unauthorized access to guests’ debit or credit card information.

Credit and debit cards used at the affected locations are no longer at risk from the malware involved in this incident. Guests can safely use their credit and debit cards at Noodles & Company locations. Noodles & Company is working with the United States Secret Service to investigate this incident. This notice has not been delayed by law enforcement.

What Information Was Involved? Through the ongoing third-party forensic investigations, Noodles & Company confirmed that malware may have stolen credit or debit card data from some credit and debit cards used at certain Noodles & Company locations between January 31, 2016 and June 2, 2016. The information at risk as a result of this event includes the cardholder’s name, card number, expiration date, and CVV. A list of impacted Noodles & Company locations is available at www.noodles.com/security. This incident did not involve online debit or credit card transactions at www.noodles.com. This incident did not involve guests’ Social Security numbers as this information is never collected by Noodles & Company.

What We Are Doing. “Noodles & Company takes the security of our guests’ information extremely seriously, and we apologize for the inconvenience this incident has caused our guests,” Kevin Reddy, Chairman and Chief Executive Officer of Noodles & Company, stated. Reddy expanded, “We continue to work with third-party forensic investigators and law enforcement officials to ensure the security of our systems on behalf of our guests.”

For More Information. Noodles & Company has established a dedicated assistance line for individuals seeking additional information regarding this incident. Guests can call 888-849-1067, 9 a.m. to 9 p.m. EDT, Monday through Friday (excluding U.S. holidays). Guests can also find information on this incident and what they can do to better protect against fraud and identity theft at www.noodles.com/security.

What You Can Do. Noodles & Company encourages all guests to remain vigilant against identity theft by reviewing their financial account statements regularly and monitoring their credit reports for suspicious activity. Guests should immediately report any unauthorized charges to their card issuer. The phone number to call is usually on the back of the credit or debit card. Under U.S. law, guests over the age of 18 are entitled to one free credit report annually from each of the three major credit bureaus. To order a free credit report, visit www.annualcreditreport.com or call, toll-free, 1-877-322-8228. Guests may also contact the three major credit bureaus directly to request a free copy of their credit report.

Noodles & Company encourages guests who believe they may be affected by this incident to take additional action to further protect against possible identity theft or other financial loss. At no charge, guests can have these credit bureaus place a “fraud alert” on their file, alerting creditors to take additional steps to verify their identity prior to granting credit in their name. Note, however, that because it tells creditors to follow certain procedures to protect the guest, a fraud alert may also delay guests’ ability to obtain credit while the agency verifies their identity. As soon as one credit bureau confirms a guest’s fraud alert, the others are notified to place fraud alerts on the guest’s file. Should guests wish to place a fraud alert or have any questions regarding their credit reports, they may contact any one of the agencies listed below.

For more information and a list of affected locations, see their FAQ on the incident.

Related posts:

  • Madison Square Garden Company Alerts Customers of Payment Card Data Breach
  • A&M Provides Notice of Data Security Incident at at Annie Sez, Afaze, Mandee, Sirens and Urban Planet Stores
  • Noble House Hotels & Resorts updates breach disclosure as more properties identified as affected
  • Atlantis, Paradise Island Provides Notice of Data Security Incident
Category: Business SectorMalwareU.S.

Post navigation

← Deutsche Telekom finds passwords for sale on dark web, but denies hack
FTC closes 70 percent of data security investigations →

1 thought on “Noodles and Company confirms payment card breach”

  1. Regret says:
    June 29, 2016 at 4:31 pm

    Shorter Press Release: We take the security of your credit card numbers about as seriously as you’d expect of a noodle restaurant. Pasta la Visa baby.

Comments are closed.

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Alert: Scattered Spider has added North American airline and transportation organizations to their target list
  • Northern Light Health patients affected by security incident at Compumedics; 10 healthcare entities affected
  • Privacy commissioner reviewing reported Ontario Health atHome data breach
  • CMS warns Medicare providers of fraud scheme
  • Ex-student charged with wave of cyber attacks on Sydney uni
  • Detaining Hackers Before the Crime? Tamil Nadu’s Supreme Court Approves Preventive Custody for Cyber Offenders
  • Potential Cyberattack Scrambles Columbia University Computer Systems
  • 222,000 customer records allegedly from Manhattan Parking Group leaked
  • Breaches have consequences (sometimes) (1)
  • Kansas City Man Pleads Guilty for Hacking a Non-Profit

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina
  • European Commission publishes its plan to enable more effective law enforcement access to data
  • Sacred Secrets: The Biblical Case for Privacy and Data Protection
  • Microsoft’s Departing Privacy Chief Calls for Regulator Outreach
  • Nestle USA Settles Suit Over Job-Application Medical Questions

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.