Jason's Deli said investigators are trying to determine if someone breached the restaurant chain's electronic payment systems, then posted customer information on the "dark web" for sale.
The Texas-based company, which operates restaurants in 28 states and has locations in Maryland and Virginia, found out about the possible breach on December 22, 2017.
In a statement posted on Jason's Deli's website, the company said MasterCard security personnel found "a large quantity of payment card information had appeared for sale on the 'dark web,' and that an analysis of the data indicated that at least a portion of the data may have come from various Jason's Deli locations."
The restaurant chain activated its response plan. Among other things, investigators are trying to figure out if, in fact, a breach took place. If it did, they will look at the scope, the way it was accomplished, and whether there is a continued breach or vulnerability.
There was no indication if the breach affected patrons at its locations in College Park, Falls Church, Fairfax, or Columbia, Md.
Jason's Deil recommended that customers monitor their payment card accounts and report any suspicious activity to their card issuers. Anyone with questions can contact Jason's Deli via email or by calling (409) 838-1976.