4. Jason's Deli
Number Of Records Exposed: 3.4 Million
Jason's Deli disclosed in January that criminals had deployed RAM-scraping malware on a number of their point-of-sale (POS) terminals at various corporate-owned restaurants between June 8 and Dec. 29, 2017.
Specifically, the payment card information obtained was full track data from a payment card’s magnetic stripe. While this information varies from card issuer to card issuer, full track data can include the cardholder name, credit or debit card number, expiration date, cardholder verification value, and service code.
Unlike a situation in which a block of static data is illegally copied and stolen all at once, the RAM-scraping malware employed by the criminals against Jason’s Deli copied data as individual transactions occurred over a period of several months.