Noodles & Company Data Breach Affects 7 San Diego Locations

San Diego, CA — Customers of Noodles & Company at Westfield University Town Centre and several other San Diego-area locations should be aware of a recent data breach, the company announced this week.

Noodles & Company said Monday that the security incident may have compromised payment information of guests who used debit or credit cards at certain locations between Jan. 31 and June 2 of this year.

Hackers may have gotten cardholder information including name, card number, expiration date and CVV, according to the company, which said it began investigating the unusual activity May 17 after being alerted by its credit-card processor. The company immediately began working with third-party forensic experts to investigate the reports and identify any signs of compromise on its computer systems, according to a company statement.

On June 2, suspicious activity was discovered on its computer systems indicating the potential compromise of several of its locations in several states across the U.S.

There are 22 California locations — seven in the San Diego area — where guests' information may have been compromised.

Here are the affected San Diego locations:

• Westfield UTC, 4545 La Jolla Village Drive, Space 201E
• Sports Arena, 3650 Rosencrans Street
• Encinitas, 260-C N. El Camino Real
• La Costa, 3410 Via Mercado, Suite 104
• San Marcos, 591 Grand Ave., Suite G102
• Carlsbad, 2521 Palomar Airport Road, Suite 107
• Oceanside, 2267 S. El Camino Real

The company advised guests who used their credit or debit cards at the locations — online transactions were not compromised — between Jan. 31 and June 2 to monitor their credit and debit card statements for suspicious charges. If they find any, they should report the charges to their card issuer.

Social Security numbers were not compromised as part of the incident, Noodles & Company said.

Guests seeking further information about the security breach can call 888-849-1067 between 9 a.m. and 9 p.m. Eastern Time, Monday through Friday, except on holidays.

"Noodles & Company takes the security of our guests’ information extremely seriously, and we apologize for the inconvenience this incident has caused our guests," said Kevin Reddy, chairman and CEO of Noodles & Company.

The company said it is continuing its efforts — including working with the U.S. Secret Service — to determine how the breach occurred and to implement additional procedures to prevent it from happening again.

"We have identified the malware and contained the incident," according to the statement. "Credit and debit cards used at the affected locations identified are no longer at risk from the malware involved in this incident. Guests can safely use their credit and debit cards at Noodles & Company locations."

(Photo/M.O. Stevens via Wikimedia Commons)