Last week, shortly before the U.S. closed up shop for the Independence Day holiday weekend, fast-casual restaurant chain Noodles & Company confirmed rumors of a security breach that had first been reported in May. The company said it began investigating the possibility of a network intrusion in May after card issuers and payment processors traced some fraudulent activity back to cards used at some of the Colorado-based chain’s restaurants. The investigation confirmed that malware introduced into its system was able to gather payment card information including names, card numbers, expiration dates and CVV numbers of credit and debit cards used at restaurants in 28 of the 31 states where it operates. The number of individual cardholders affected was not disclosed.
“Noodles & Company takes the security of our guests’ information extremely seriously, and we apologize for the inconvenience this incident has caused our guests,” said Kevin Reddy, chairman and CEO of Noodles & Company. “We continue to work with third-party forensic investigators and law enforcement officials to ensure the security of our systems on behalf of our guests.”