US supermarket data breach exposes 2.4m cards

American supermarket chain Schnucks says that around 2.4 million cards may have been compromised by a data breach which saw crooks install malware on its systems.

3 comments

US supermarket data breach exposes 2.4m cards

Editorial

This content has been selected, created and edited by the Finextra editorial team based upon its relevance and interest to our community.

The St Louis-based retailer says that the credit and debit cards were compromised at 79 of its 100 stores between December and March.

The breach first came to light in mid-March when Schnucks' payment processor warned the grocer that 12 cards had been hit by fraud shortly after being used at stores.

With more fraud reports coming in and point-of-sale device tampering ruled out, Schnucks called in forensic investigation firm Mandiant which found malware designed to capture card numbers.

Having only warned customers that their cards could be compromised at the end of March, Schnucks has now revealed the extent of breach. Up to 2.4 million card numbers and expiration dates have been accessed but no names, addresses or any other identifying information.

Scott Schnuck, CEO, says: "We've worked hard to provide a secure transaction environment for our customers and, today I make a personal pledge to you that we will be relentless in maintaining the security of our payment processing system."

Sponsored [Webinar] AI in Banking: Building Compliant and Safe Enterprise AI at Scale

Related Company

Keywords

Comments: (3)

Keith Appleyard

Keith Appleyard IT Consultant at available for hire

It goes without saying - if they say they've been certified as PCI compliant, then how can malware be accessing [encrypted] Cardnumber & Expiry Date?

A Finextra member 

Cleverly crafted malware can do all kinds of things, including decrypting data. PCI is a good starting point, but unfortunately not a guarantee that you won't be hacked. Anyone believing into any kind of certificate as a proof of absolute protection might as well believe in Santa Claus and the Easter Bunny ...

 

A Finextra member 

 

At what point are retailers going to realize using the Internet as the datacom solution for POS transactions is simply not worth the risk?

[On-Demand Webinar] Ensuring Interoperability in the Age of Global, Cross-Border e-InvoicingFinextra Promoted[On-Demand Webinar] Ensuring Interoperability in the Age of Global, Cross-Border e-Invoicing