Schnucks supermarket chain discloses breach that stole 2.4 million credit card numbers

Share this article:
Website hack leads to credit card breach of nearly 10K at N.C. medical practice
Website hack leads to credit card breach of nearly 10K at N.C. medical practice

A St. Louis-based grocery chain revealed Monday that hackers raided its systems to steal 2.4 million credit and debit card numbers.

The numbers corresponded to cards used by shoppers at 79 of 100 Schnucks Markets locations in the Midwest. The attacks may have persisted as long as four months, from last December through March 29.

Schnucks called in incident response firm Mandiant to conduct a forensic exam after it learned on March 15 from its credit and debit card processor that a dozen people experienced fraud on their cards after using them at Schnucks stores, a timeline showed.

On March 28, Mandiant uncovered data-stealing malware within Schnucks systems, and two days later, the threat was contained.

The company also said it is aware of fraudsters contacting Schnucks shoppers and requesting personal information by pretending to be breach investigators.

It's not clear how the breach happened, and a call to spokeswoman Lori Willis on Monday evening was not immediately returned.

"Over the years, technology has helped us deliver superior customer service, but it also introduces risks that we have actively worked to manage through compliance audits, encryption technology and various other security measures," Chairman and CEO Scott Schnuck said. "Customers have asked me if it is safe to shop at Schnucks. Yes, we believe it is, and we will work hard to keep it that way.”

Not surprisingly, the company also is facing a lawsuit, according to news reports Monday.


Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

ShellShock vulnerability exploited in SMTP servers

Researchers at Trend Micro found that attackers were targeting Simple Mail Transfer Protocol (SMTP) servers to execute malicious code and an IRC bot.

Hackers grab email addresses of CurrentC pilot participants

Hackers grab email addresses of CurrentC pilot participants

Although the hack didn't breach the mobile payment app itself, consumer confidence may be shaken.

Operators disable firewall features to increase network performance, survey finds

Operators disable firewall features to increase network performance, ...

McAfee found that 60 percent of 504 surveyed IT professionals prioritize security as the primary driver of network design.