News

Noodles & Company reports data security breach

June 29, 2016

Noodles & Company reported Tuesday that a data security incident may have compromised customers' credit and debit card information in locations in about 27 states. Credit and debit cards used at the affected locations are no longer at risk from the malware involved in this incident, according to a company release.

"Noodles & Company takes the security of our guests' information extremely seriously, and we apologize for the inconvenience this incident has caused our guests," said Kevin Reddy, chairman and CEO of Noodles & Company. "We continue to work with third-party forensic investigators and law enforcement officials to ensure the security of our systems on behalf of our guests."

What Happened?

On May 17, the chain began investigating unusual activity that its credit card processor reported. Noodles & Company immediately began working with third-party forensic experts to investigate these reports and to identify any signs of compromise on its computer systems, according to the release.  On June 2, Noodles & Company discovered suspicious activity on its computer systems that indicated a potential compromise of guests' debit and credit card data for some debit and credit cards used at certain Noodles & Company locations.

Since that time, Noodles & Company has been working with forensic investigators and the United States Secret Service to determine how the security compromise occurred and what information was affected. The company is also working to implement additional procedures to further secure guests' debit and credit card information, including removing the malware at issue to contain this incident and to prevent any further unauthorized access to guests' debit or credit card information.

What information was involved? 

Through the forensic investigations, the chain confirmed that malware may have stolen credit or debit card data from some credit and debit cards used at certain Noodles & Company locations between Jan. 31 and June 2. The information at risk includes the cardholder's name, card number, expiration date and CVV.

A list of impacted Noodles & Company locations is available here.

The incident did not involve online debit or credit card transactions at www.noodles.com, nor did it involve guests' Social Security numbers as this information is never collected by Noodles & Company, according to the company.

The chain has established a dedicated assistance line for individuals seeking additional information regarding this incident. Guests can call 888-849-1067, 9 a.m. to 9 p.m. EDT, Monday through Friday. They may also find information on this incident here.