Services

Noodles & Co. Reveals Data Breach

Paul Ausick

Published: June 29, 2016 1:59 pm

Last Updated: January 13, 2020 6:13 am

Fast-casual restaurant chain Noodles & Co. (NASDAQ: NDLS) said Tuesday afternoon that it had uncovered a recent data security incident that may have compromised customer payment information. The customer credit and debit card transactions occurred at some store locations between January 31, 2016, and June 2, 2016.

The company said that it began investigating unusual credit card activity in mid-May. On June 2, the company said that it “discovered suspicious activity on its computer systems that indicated a potential compromise of guests’ debit and credit card data for some debit and credit cards used at certain Noodles & Company locations.”

The company said Wednesday that cards used at the affected locations are no longer at risk from the malware used in the incident. The customer information that was compromised includes the cardholder’s name, card number, expiration date, and card verification value (CVV).

Noodles & Co. did not specify how many stores were affected by the malware, but a list of stores that were affected is available at the Noodles & Co. security website. The listing is organized by state and includes 27 states plus the District of Columbia. In the company’s home state of Colorado, 60 stores were affected. That is how many Colorado stores Noodles & Co. reported that it owned at the end of 2015. All 22 California locations are likewise on  the list.

The company said it owned or franchised 495 restaurants in 35 states, D.C., and one Canadian province at the end of 2015.

The shares traded up 1.75% in the mid-afternoon Wednesday at $9.88 in a 52-week range of $9.28 to $15.88. The consensus price target is $12.00.