By now, we’ve seen enough large-scale Point of Sale (POS) credit card thefts that patterns are beginning to emerge. Some companies follow the general arc of the narrative better than others, and deserve credit for doing so, but in the end, the story is about the same.

That’s certainly the case with Jason’s Deli. Recently, they discovered RAM-scraping malware on a number of their POS terminals. This has happened at a total of 164 of their locations, scattered across 14 states.

During the seven-month period before the malware was discovered, the company estimates that the credit card payment information of some two million customers was stolen. The data included credit and debit card numbers, expiration dates, the cardholder’s service and verification codes, and the cardholder’s name.

As is the case with most of these incidents, the company immediately contacted law enforcement and hired a third-party firm to assist with the forensic investigation, which is still ongoing.

Jason’s Deli’s handling of the aftermath of the incident has been well above average. However, the bottom line is that unless companies start paying increasing attention to data security, issues like these are going to continue to occur.

As a general rule, hackers prefer to go after the low-hanging fruit. There’s simply more money in attacking soft targets than hard ones. Your company doesn’t need bullet proof security in order to be safe from most hackers, it’s just got to be better than average. Although obviously, the better and more robust your digital security is, the safer you will be.

Unfortunately, this painfully obvious lesson seems to be falling on too many deaf ears. Until and unless that changes, we’ll continue reading about incidents like these. It’s costing business billions every year. Make sure your company isn’t next on the hackers’ hit list.