
US supermarket data breach exposes 2.4m cards

16 April 2013

American supermarket chain Schnucks says that around 2.4 million cards may have been compromised by a data breach which saw crooks install malware on its systems.

The St Louis-based retailer says that the credit and debit cards were compromised at 79 of its 100 stores between December and March.

The breach first came to light in mid-March when Schnucks' payment processor warned the grocer that 12 cards had been hit by fraud shortly after being used at stores.

With more fraud reports coming in and point-of-sale device tampering ruled out, Schnucks called in forensic investigation firm Mandiant, which found malware designed to capture card numbers.

Having only warned customers that their cards could be compromised at the end of March, Schnucks has now revealed the extent of the breach. Up to 2.4 million card numbers and expiration dates have been accessed but no names, addresses or any other identifying information.

Scott Schnuck, CEO, says: "We've worked hard to provide a secure transaction environment for our customers and, today I make a personal pledge to you that we will be relentless in maintaining the security of our payment processing system."

Comments: (3)

Keith Appleyard - available for hire - Bromley | 16 April, 2013, 17:10

It goes without saying - if they say they've been certified as PCI compliant, then how can malware be accessing [encrypted] Cardnumber & Expiry Date?

A Finextra member | 17 April, 2013, 06:58

Cleverly crafted malware can do all kinds of things, including decrypting data. PCI is a good starting point, but unfortunately not a guarantee that you won't be hacked. Anyone believing in any kind of certificate as a proof of absolute protection might as well believe in Santa Claus and the Easter Bunny ...

A Finextra member | 17 April, 2013, 15:45

At what point are retailers going to realize using the Internet as the datacom solution for POS transactions is simply not worth the risk?
