Malware may have allowed hackers to compromise credit and debit-card information used at more than 400 restaurants operated across the country by Noodles & Company, the Colorado-based firm said Tuesday.
Kevin Reddy, the chairman and CEO of Noodles & Company, said the chain began investigating a potential security breach after being alerted last month by its credit-card processor of unusual activity.
Third-party forensic experts immediately began reviewing the restaurant’s computer systems, and on June 2 discovered suspicious activity indicative of “a potential compromise of guests’ debit and credit card data,” Mr. Reddy said in a statement Tuesday.
“Since that time, Noodles & Company has been working with third-party forensic investigators to determine how the security compromise occurred and what information was affected. The Company has confirmed that malware may have stolen credit or debit card data from some credit and debit cards used at certain Noodles & Company locations,” he added.
Locations affected by the breach include restaurants in 27 states and Washington, D.C., counting 60 in Colorado, where the eatery maintains its national headquarters, as well as 58 locations between D.C., Maryland and Virginia.
Malware discovered by security experts has since been purged from the restaurant’s computer systems, and the company said cards used at the affected locations — more than 400 of them — are no longer at risk. Nonetheless, Noodles & Company has advised any customers who used a card at the affected locations between Jan. 31 and June 2 to review their account statements for suspicious activity.
“In an era where sophisticated and determined criminals have proven capable of successfully attacking a wide range of computer networks, we must all increase our level of vigilance,” Mr. Reddy said.
“Noodles & Company takes the security of our guests’ information extremely seriously, and we apologize for the inconvenience this incident has caused our guests.”
Law enforcement officials, including the U.S. Secret Service, are investigating the security breach, the CEO added.
Burger chain Wendy’s announced last month that 5 percent of its restaurants were affected by a similar malware infection that targeted card processors at locations across the country.
At least one class-action lawsuit has since been filed on behalf of Wendy’s customers who claim to have incurred fraudulent charges on their credit and debit cards as a result of the breach.