Signature Systems Responsible for 108 Small Business Breaches

SignatureSystemsLogoWhat happened?

Signature Systems Inc. the point-of-sale (POS) vendor responsible for leaking customer payment card information at more than 200 Jimmy John’s locations has announced that 108 other businesses have also suffered a breach as a result of using their payment card scanners.

After conducting a forensics investigation, Signature Systems learned that the attack took place between June 16 and September 18. An overwhelming number of these businesses are mom-and-pop pizzerias located across the Mid-Atlantic and Mid-West.

Signature Systems has released a full list of impacted locations.

In a public statement posted on their website, Signature Systems explains: “We have determined that an unauthorized person gained access to a user name and password that Signature Systems used to remotely access POS systems,” the statement reads, “The unauthorized person used that access to install malware designed to capture payment card data from cards that were swiped through terminals in certain restaurants.”

In a statement released by Jimmy John’s they indicated that they believed Signature System’s products were compliant with the Payment Card Industry Data Security Standard (PCI). However, the PCI Security Standards Council did not approve Signature System’s core product, PDQ POS for new installations after October 28, 2013. If companies, including Jimmy John’s, installed PDQ POS after October 28, they could face fines and penalties.

What Should You Do?

View Signature System’s list of impacted locations to see if your payment card information was exposed. If you have visited one of these locations, monitor your bank statement closely for unusual activity.

EZShield Fraud Protection customers should store their payment card account information in the EZShield Secure Online Wallet so it can be monitored for fraudulent use. If an alert is received, contact an EZShield Resolution Specialist immediately.  You may access your virtual wallet by visiting

For added security, consider placing a fraud alert with the three credit bureaus. A fraud alert ensures that creditors will follow certain procedures when opening new lines of credit or making changes to existing accounts in your name.

P.O. Box 105069
Atlanta, Georgia 30348
P.O. Box 2020
Allen, TX 75013
P.O. Box 2000
Chester, PA 19022

The views and opinions expressed in this article are those of EZShield Inc. alone and do not necessarily reflect the opinions of any other person or entity, including specifically any person or entity affiliated with the distribution or display of this content.

John is General Counsel and Chief Privacy Officer of Sontiq, the parent company of the EZShield and IdentityForce brands. He is a Certified Compliance...
Read more about John Burcham.

Leave a Comment.