Holy macaroni! Noodles & Co. faces customer data breach in 27 states

© Noodles & Company
Oh, manicotti. If you’ve eaten at a Noodles & Company restaurant in the first half of this year, you may want to keep a close watch on your credit card statement. The pasta chain experienced a data breach that may have put customers’ information at risk.

Noodles began investigating “unusual activity” reported by its credit card processor on May 17, the company said in a statement. At the beginning of June, Noodles & Company “discovered suspicious activity on its computer systems that indicated a potential compromise of guests’ debit and credit card data for some debit and credit cards used” in locations across 27 states and the District of Columbia.

The investigation revealed that “malware may have stolen credit or debit card data from some credit and debit cards” between January 31 and June 2. The at-risk information includes the cardholder’s name, card number, expiration date and card verification value (CVV), the three-digit code on the back of cards.

“Noodles & Company takes the security of our guests’ information extremely seriously, and we apologize for the inconvenience this incident has caused our guests,” Kevin Reddy, chairman and CEO of Noodles & Company, said. “We continue to work with third-party forensic investigators and law enforcement officials to ensure the security of our systems on behalf of our guests.”

The incident did not involve any purchases made online at noodles.com, the company said.

Noodles & Company has set up a dedicated assistance line for customers to receive additional information about the incident. Guests can call 888-849-1067, 9 a.m. to 9 p.m. ET, Monday through Friday (excluding U.S. holidays) or find out more information about the breach and what they can do to better protect against fraud and identity theft at www.noodles.com/security.

Of the more than 400 affected locations, 60 are in Noodles & Company’s home state of Colorado, the Washington Times reported.

The malware has since been removed from the chain’s computer systems.

Noodles & Company is only the latest in a string of restaurant chains that have experienced data breaches in recent years, including Wendy’s, P.F. Chang’s, Elephant Bar and Landry’s, according to the Nation’s Restaurant News. Both Trump and Hyatt hotels have been breached recently; mobile provider T-Mobile and health insurer Anthem are among other companies that have experienced similar incidents.