Schnuck Markets Inc. said Saturday it had "found and contained" a
breach into its payment system that led to widespread fraudulent
charges on customers' credit and debit cards.
At least some customers said the news restored their confidence.
"I was going to pay cash, but I'm going to use my card now," said
Sandi Reed, standing in line at the Schnucks on Mid Rivers Mall
Drive in St. Peters. "I'm OK now. I feel safe."
A computer forensics team hired by the grocery store chain found
evidence of computer code that captured magnetic stripe data on the
back of customers' cards, Schnucks said in a statement. The chain
said it was still working to determine how long the issue existed as
well as how many customers and stores were affected.
Police investigators have logged at least 200 complaints from
victims, who shopped at stores throughout the region, while area
banks have reissued thousands of credit and debit cards over the
past few weeks. Fraud victims who contacted the Post-Dispatch said
they had been refunded for the fraudulent charges.
The grocery store chain said it had taken comprehensive measures
to block any further unauthorized access to customers' cards. "After
an extensive review, we confirmed that Schnucks was the victim of a
cyberattack," Scott Schnuck, the company's CEO, said in the
He went on to say that the security measures taken in the last 48
hours were designed to block the attack from continuing. But the
company did not answer questions about when the breach occurred,
where in its system hackers entered or what steps the company had
taken to comply with industry security standards.
"Our customers can continue using credit and debit cards at our
stores," Schnuck said in the statement. "We apologize for any
inconvenience this may have caused our customers, and we thank each
of them for their patience while we worked hard to investigate their
As consumers across the region reported fraudulent use of their
cards in recent weeks, some law enforcement officials encouraged
shoppers to use only cash or checks at Schnucks.
Investigators and fraud experts have said it could be some time
before customers notice their cards have been compromised, so their
investigations will continue. Typically hackers gain access to
credit card information, then sell it on the Internet to second- and
third-party buyers. The stolen information is often encoded into
counterfeit cards, which are then sold on the black market. The
sellers, however, may take months to sell the data after they gain
access to it, which means more fraudulent charges could appear.
Investigators, including the Secret Service, which investigates
financial fraud, have said they are waiting for the results of
Schnucks' forensic investigation before they can proceed with
criminal investigations. They continued to log new reports of fraud
through Friday. …