DARTMOUTH Mass. A technologically savvy thief or thieves infiltrated the point-of-sale system of Not Your Average Joe’s, stealing the credit card numbers and expiration dates on as many as 3,500 guest transactions, the casual-dining chain disclosed Wednesday.
The U.S. Secret Service, which investigates bank fraud and counterfeiting, joined credit card companies in informing Not Your Average Joe's earlier this month that investigators had detected a pattern of data theft linked to the company's 13 units in Massachusetts. The Dartmouth, Mass.-based chain's only other unit, in Leesburg, Va., was untouched by the crime.
Company officials emphasized that investigators do not consider anyone on the chain's staff a suspect.
Not Your Average Joe's posted a statement about the breach on its website Wednesday and issued news alerts through several mainstream media outlets, stressing that authorities are confident the data stolen was limited to credit card numbers and expiration dates. As a result, company officials said, investigators do not consider the case an example of identity theft, where addresses, Social Security numbers, bank account information or other data is illegally obtained and used for financial gain.
Diana Pisciotta, a spokeswoman for the chain, said the company has hired an electronic data security firm to strengthen what company executives had already considered a sound and secure POS system.
"As soon as we were notified, we redoubled our security," Pisciotta said. "We put in more redundancies and safeguards such that we feel confident that patrons can continue dining here and feel secure that their data is protected.
"This is being handled as credit card fraud and not identity theft, at least not in the classic sense of what people think of as identity theft," she added.
Pisciotta said the senior executive team was alerted earlier this month that the culprits had acquired the credit card numbers and expiration dates used in up to 1 percent of the 350,000 credit card transactions that were handled by the chain's Massachusetts restaurants between early August and Sept. 29. Those alerts came first from the credit card companies and then from the Secret Service, she said.
Pisciotta said Not Your Average Joe's had no way of knowing that its guests' information was being used until the security investigators called.
Pisciotta said she did not know if the thief or thieves had to be on site to acquire the credit card information.
"We're really not clear what happened," she said. "But we do not believe it is an issue of employee carelessness or illegal activity. I can tell you that from what we've seen all of the investigation that is going on is external to the company at this point.
"We value our relationship with our customers and want them to know we are doing all that we can to cooperate with the banks and the investigating authorities," she said.
The company set up a page on its website with information about the security breach and what it means to customers.