Grocer Aldi discloses breach of payment terminals

Share this article:
Grocery chain Aldi is warning customers that their payment card information may have been stolen after fraudsters placed altered point-of-sale terminals at a number of Aldi stores in 11 states.

How many victims? Undisclosed.

What type of personal information? Names, card account numbers, PINs.

What happened? The altered payment terminals were placed between June 1 and Aug. 31 at stores in  Connecticut, Georgia, Illinois, Indiana, Maryland, New Jersey, New York, North Carolina, Pennsylvania, South Carolina and Virginia.

Details: An Aldi spokeswoman declined to say how many stores, payment card terminals or customers were affected by the breach. However, more than 200 people who had shopped at an Aldi store in Wheeling, Ill. told law enforcement that they discovered unauthorized withdrawals of $100 to $900 from their bank accounts, according to reports. And, police in St. Charles, Ill. have said they received 32 reports of debit card fraud from people who had shopped at Aldi.

The company said it does not believe that any employees were involved in the breach.

Quote: “We take our obligation to safeguard our customers' personal information very seriously and we sincerely regret that this incident may affect our customers,” Terry Pfortmiller, vice president of finance and administration at ALDI, said in a statement.

What was the response? The breach has been reported to federal authorities. The company said it is investigating and believes it has removed all affected machines from its stores. Additionally, new security measures have been implemented to prevent a similar incident from reoccurring.

Aldi has recommended customers review and monitor their payment card statements and credit reports. Those who believe they were affected by the breach should immediately contact their bank or payment card company and local law enforcement. Customers with questions are advised to call Aldi at (877) 412-7152 or visit

Sources: Associated Press, “Grocer Aldi says vandals compromised payments,” Oct. 1, 2010.
Aldi news release, “Aldi Notifies Customers of Tampered Payment Card Terminals,” Oct. 1, 2010.
Share this article:

Next Article in The Data Breach Blog

Sign up to our newsletters


More in The Data Breach Blog

Thousands had data on computers stolen from California medical office

Bay Area Pain Medical Associates notified about 2,780 patients that their data was on computers stolen from its California offices.

Subcontractor breach impacts 1,700 in Dominion Resources employee wellness plan

About 1,700 people in the Dominion Resources employee wellness program have been notified that their data was accessed in a breach.

Document posted to California city website, employee data accessed

In California, a document posted to the City of Encinitas website contained data on hundreds of current and former city staffers.