BROOMFIELD, Colo., June 28, 2016 (GLOBE NEWSWIRE) -- Noodles & Company (NASDAQ:NDLS) today announced that a recent
data security incident may have compromised the security of payment information of some guests who used debit or credit cards at
certain Noodles & Company locations between January 31, 2016 and June 2, 2016. Credit and debit cards used at the affected
locations are no longer at risk from the malware involved in this incident.
What Happened? On May 17, 2016, Noodles & Company began investigating unusual activity its credit card
processor reported to the Company. Noodles & Company immediately began working with third-party forensic experts to investigate
these reports and to identify any signs of compromise on its computer systems. On June 2, 2016, Noodles & Company discovered
suspicious activity on its computer systems that indicated a potential compromise of guests’ debit and credit card data for some
debit and credit cards used at certain Noodles & Company locations.
Since that time, Noodles & Company has been working with third-party forensic investigators to determine how the security
compromise occurred and what information was affected. The Company is also working to implement additional procedures to further
secure guests’ debit and credit card information, including removing the malware at issue to contain this incident and to prevent
any further unauthorized access to guests' debit or credit card information.
Credit and debit cards used at the affected locations are no longer at risk from the malware involved in this incident. Guests
can safely use their credit and debit cards at Noodles & Company locations. Noodles & Company is working with the United States
Secret Service to investigate this incident. This notice has not been delayed by law enforcement.
What Information Was Involved? Through the ongoing third-party forensic investigations, Noodles &
Company confirmed that malware may have stolen credit or debit card data from some credit and debit cards used at certain Noodles &
Company locations between January 31, 2016 and June 2, 2016. The information at risk as a result of this event includes the
cardholder’s name, card number, expiration date, and CVV. A list of impacted Noodles & Company locations is available at www.noodles.com/security. This incident did not involve online debit or credit card transactions
at www.noodles.com. This incident did not involve guests’ Social Security numbers as this
information is never collected by Noodles & Company.
What We Are Doing. “Noodles & Company takes the security of our guests’ information extremely
seriously, and we apologize for the inconvenience this incident has caused our guests,” Kevin Reddy, Chairman and Chief Executive
Officer of Noodles & Company, stated. Reddy expanded, “We continue to work with third-party forensic investigators and law
enforcement officials to ensure the security of our systems on behalf of our guests.”
For More Information. Noodles & Company has established a dedicated assistance line for individuals
seeking additional information regarding this incident. Guests can call 888-849-1067, 9 a.m. to 9 p.m. EDT, Monday through Friday
(excluding U.S. holidays). Guests can also find information on this incident and what they can do to better protect against fraud
and identity theft at www.noodles.com/security.
What You Can Do. Noodles & Company encourages all guests to remain vigilant against identity theft by
reviewing their financial account statements regularly and monitoring their credit reports for suspicious activity. Guests should
immediately report any unauthorized charges to their card issuer. The phone number to call is usually on the back of the credit or
debit card. Under U.S. law, guests over the age of 18 are entitled to one free credit report annually from each of the three major
credit bureaus. To order a free credit report, visit www.annualcreditreport.com or call, toll-free, 1-877-322-8228. Guests may also contact the three
major credit bureaus directly to request a free copy of their credit report.
Noodles & Company encourages guests who believe they may be affected by this incident to take additional action to further
protect against possible identity theft or other financial loss. At no charge, guests can have these credit bureaus place a “fraud
alert” on their file, alerting creditors to take additional steps to verify their identity prior to granting credit in their name.
Note, however, that because it tells creditors to follow certain procedures to protect the guest, a fraud alert may also delay
guests’ ability to obtain credit while the agency verifies their identity. As soon as one credit bureau confirms a guest’s fraud
alert, the others are notified to place fraud alerts on the guest’s file. Should guests wish to place a fraud alert or have any
questions regarding their credit reports, they may contact any one of the agencies listed below.
Guests may also place a security freeze on their credit reports. A security freeze prohibits a credit reporting agency from
releasing any information from a guest’s credit report without the consumer’s written authorization. However, guests should be
aware that placing a security freeze on their credit reports may delay, interfere with or prevent the timely approval of any
requests they make for new loans, credit mortgages, employment, housing, or other services. If a guest has been a victim of
identity theft and provides a credit reporting agency with a valid police report, the agency cannot charge the guest to place, lift
or remove a security freeze. In all other cases, a credit reporting agency may charge a fee to place, temporarily lift or
permanently remove a security freeze. Guests will need to place security freezes separately with each of the three major credit
bureaus listed above if they wish to place a freeze on all of their credit files. To find out more about how to place a security
freeze, guests can contact the credit reporting agencies using the information below:
Guests can further educate themselves regarding identity theft, fraud alerts and the steps they can take to protect themselves,
by contacting the Federal Trade Commission or their state attorney general. For North Carolina residents, the
Attorney General can be contacted at 9001 Mail Service Center, Raleigh, NC 27699-9001, 1-919-716-6400, www.ncdoj.gov. For Maryland residents, the Attorney General can be contacted at
200 St. Paul Place, 16th Floor, Baltimore, MD 21202, 1-888-743-0023, www.oag.state.md.us. And the Federal Trade Commission can be reached at 600 Pennsylvania Avenue
NW, Washington, D.C. 20580, www.ftc.gov/idtheft/, 1-877-ID-THEFT (1-877-438-4338); TTY: 1-866-653-4261. The Federal Trade
Commission also encourages those who discover that their information has been misused to file a complaint with the Commission.
Guests can obtain further information on how to file such a complaint by way of the contact information listed above. Instances of
known or suspected identity theft should also be reported to law enforcement.
About Noodles & Company
Noodles & Company is a fast-casual restaurant chain where its globally inspired dishes come
together to create a World Kitchen. Recognized by Parents Magazine as a Top Family Friendly Restaurant,
and Health Magazine as one of America’s Healthiest Fast Food Restaurants, Noodles & Company is a
restaurant where Japanese Pan Noodles rest comfortably next to Penne Rosa and Wisconsin Mac & Cheese, but where world flavors don’t
end at just noodles. Inspired by some of the world’s most celebrated flavor combinations, Noodle & Company’s menu offers
soups, salads, sandwiches and shareables, too. Everything is made fresh to order, just as you like it, using quality ingredients.
Dishes are delivered to the table allowing guests time to sit and relax or grab a quick bite. With more than 500 locations
nationwide, from California to Connecticut, guests can find a location nearest them and take a tour of the global World Kitchen
menu by visiting www.noodles.com.
Contacts: Media Erin Murphy 720.214.1900 Press@noodles.com Investor Relations investorrelations@noodles.com
