Jimmy John’s, purveyor of quickly made sandwiches and awkward commercials, is under fire for an alleged data breach. According to this story, Jimmy John’s announced the data breach on September 24, and a plaintiff has already brought a putative class action in Illinois. Here are some of the details: 

A data breach that targeted the Jimmy John’s Gourmet Sandwiches chain has spawned a proposed class action by a plaintiff who alleges the company’s information systems and security oversight were “grossly inadequate” and that its delay in announcing the breach was unlawful.

Arizona plaintiff and past Jimmy John’s patron Barbara Irwin alleges that she was the victim of five fraudulent charges on the credit card she had used at the sandwich store between July 3 and Aug. 4, and that the fraud occurred as a result of the breach of the point-of-sale system used at 216 of the company’s stores in 40 states.

Jimmy John’s Franchises LLC announced the breach on Sept. 24. The company said it learned of the break-in on July 30 and “immediately hired third party forensic experts to assist with its investigation,” according to a notice on the firm’s website. It said a cyberintruder stole log-in credentials from the company’s point-of-sale vendor and used them to access the stores’ checkout systems between June 16 and Sept. 5.