Schnucks Says Credit Card Fraud Source 'Found and Contained'
Kavita Kumar; Georgina Gustin, St. Louis Post-Dispatch (MO)
Schnuck Markets Inc. said Saturday it had "found and contained" a breach into its payment system that led to widespread fraudulent charges on customers' credit and debit cards.
At least some customers said the news restored their confidence.
"I was going to pay cash, but I'm going to use my card now," said Sandi Reed, standing in line at the Schnucks on Mid Rivers Mall Drive in St. Peters. "I'm OK now. I feel safe."
A computer forensics team hired by the grocery store chain found evidence of computer code that captured magnetic stripe data on the back of customers' cards, Schnucks said in a statement. The chain said it was still working to determine how long the issue existed as well as how many customers and stores were affected.
Police investigators have logged at least 200 complaints from victims, who shopped at stores throughout the region, while area banks have reissued thousands of credit and debit cards over the past few weeks. Fraud victims who contacted the Post-Dispatch said they had been refunded for the fraudulent charges.
The grocery store chain said it had taken comprehensive measures to block any further unauthorized access to customers' cards. "After an extensive review, we confirmed that Schnucks was the victim of a cyberattack," Scott Schnuck, the company's CEO, said in the statement.
He went on to say that the security measures taken in the last 48 hours were designed to block the attack from continuing. But the company did not answer questions about when the breach occurred, where in its system hackers entered or what steps the company had taken to comply with industry security standards.
"Our customers can continue using credit and debit cards at our stores," Schnuck said in the statement. "We apologize for any inconvenience this may have caused our customers, and we thank each of them for their patience while we worked hard to investigate their concerns."
As consumers across the region reported fraudulent use of their cards in recent weeks, some law enforcement officials encouraged shoppers to use only cash or checks at Schnucks.
Investigators and fraud experts have said it could be some time before customers notice their cards have been compromised, so their investigations will continue. Typically, hackers gain access to credit card information, then sell it on the Internet to second- and third-party buyers. The stolen information is often encoded into counterfeit cards, which are then sold on the black market. The sellers, however, may take months to sell the data after they gain access to it, which means more fraudulent charges could appear.
Investigators, including the Secret Service, which investigates financial fraud, have said they are waiting for the results of Schnucks' forensic investigation before they can proceed with criminal investigations. They continued to log new reports of fraud through Friday. …