What to do when you’re notified of a ‘merchant breach’

Written by |

As technology becomes more enmeshed with personal finance, cybersecurity breaches are becoming more prevalent. While there’s usually significant media coverage when major enterprises like Equifax suffer data leaks, smaller companies typically escape large-scale scrutiny.

Breaches and hacks are so common these days that it can easy to brush them off as just another news item, but when it happens to you it really hits home.

It happened to me: How to handle a ‘merchant breach’

It happened to me just this week.

I logged into my bank credit card account and saw that all of my transactions were attached to a new account. When I examined it further, I realized that my old account number had zero balance (hey!) but a newly generated account had my old balance (boo!).

I noticed this over the weekend,  and Monday morning, my bank sent me the following email:

“We know how important your personal and financial information is to you. That is why we take as many measures as possible to protect you from fraud and give you the peace of mind you deserve. With this said, there have been many well publicized card compromises in the past several months, which we take very seriously. To keep you financially safe, we employ advanced fraud monitoring systems that help us identify potential problems. We have proactively mailed you a replacement Credit Card to the address we have on file. We understand there is an element of inconvenience by issuing you a new Credit Card, but again, your financial safety is our number one priority.”

The notification also said that the bank had mailed me a new credit card and was going to close my old one in (gasp) one day. The only problem with this is that, to my knowledge, I hadn’t gotten a fresh card in the mailbox.

So there I was saddled with the abrupt realization that the only credit card in my wallet was hours from being null and void. Good thing I wasn’t boarding a plane out of the country or something, right?

What the bank didn’t tell me was which merchant was breached, so there was also the uncertainty that I could have just patronized or was about to patronize the same business where my personal info was exposed.

Obviously, I needed more information: You would think that the consumer would be given as much detail as possible when their credit card info is at risk, but no, I had to fish for it myself. That same day, I called the bank for some answers.


When I reached a member services rep, of course, I had to recite all kinds of personal information before they told me what business the breach was associated with: Jason’s Deli. I asked if the hack was only confined to my city or if it was national, but those were questions that the rep couldn’t answer. “They don’t tell us the scale of the breach,” she said.

When I googled “Jason’s Deli breach,” this is what I found:

It turns out the Jason’s Deli breach was announced in December when the Beaumont, Texas-based company said that they were notified by their security experts that criminals installed malware at multiple point-of-sale terminals around the country.

The company said around 2 million card numbers may have been poached in the incident, which began in June 2017. The seized information includes credit and debit card account numbers, cardholder names, card verification numbers and service codes, the company said.

What to do if you’ve been affected by the Jason’s Deli breach

If you believe you’ve been affected by the Jason’s Deli breach, here are four steps you need to take to protect yourself.

  • First, review the list of affected locations, which are in 15 states primarily in the South and Midwest. They are Alabama, Arizona, Florida, Georgia, Illinois, Louisiana, Maryland, North Carolina, Nevada, Pennsylvania, South Carolina, Tennessee, Texas, Virginia and Wisconsin.
  • If you haven’t already, sign up for Credit Karma’s free monitoring service.
  • Review your statements carefully and call your credit card company to contest any unauthorized charges.
  • Contact [email protected] or call 409-838-1976 to get more information on the incident.

As these breaches become more a part of our “new” normal, money expert Clark Howard and team are committed to helping you protect your data. Clark is a big advocate of freezing your credit. That way, the bad guys can’t open up new accounts in your name.

See our Credit Freeze Guide for step-by-step instructions

Here are some more articles you may like from Clark.com:

[anvplayer video=”4029542″ station=”998267″]

Welcome bonuses can be a great way to boost the value of a credit card. Best Credit Card Sign-up Bonuses for 2023 - Team Clark spent hours reviewing the market for credit card sign-up bonuses and evaluated them according to the guidelines for usage set by money expert Clark Howard. Clark believes credit cards with exorbitant annual fees are a bad idea for most…
Team Clark's cell phone expert ranks the best cell phone plans and deals. Best Cell Phone Plans in 2023: The Cheapest Plan for Every Need - Team Clark ranks the best cell phone plans and deals! See our favorites for unlimited data, families and cheap plans starting at $10/month.