How many victims? Undisclosed.
What type of personal information? Names, card account numbers, PINs.
What happened? The altered payment terminals were placed between June 1 and Aug. 31 at stores in Connecticut, Georgia, Illinois, Indiana, Maryland, New Jersey, New York, North Carolina, Pennsylvania, South Carolina and Virginia.
Details: An Aldi spokeswoman declined to say how many stores, payment card terminals or customers were affected by the breach. However, more than 200 people who had shopped at an Aldi store in Wheeling, Ill. told law enforcement that they discovered unauthorized withdrawals of $100 to $900 from their bank accounts, according to reports. And, police in St. Charles, Ill. have said they received 32 reports of debit card fraud from people who had shopped at Aldi.
The company said it does not believe that any employees were involved in the breach.
Quote: “We take our obligation to safeguard our customers' personal information very seriously and we sincerely regret that this incident may affect our customers,” Terry Pfortmiller, vice president of finance and administration at ALDI, said in a statement.What was the response? The breach has been reported to federal authorities. The company said it is investigating and believes it has removed all affected machines from its stores. Additionally, new security measures have been implemented to prevent a similar incident from reoccurring.
Aldi has recommended customers review and monitor their payment card statements and credit reports. Those who believe they were affected by the breach should immediately contact their bank or payment card company and local law enforcement. Customers with questions are advised to call Aldi at (877) 412-7152 or visit www.aldi.us.Sources: Associated Press, “Grocer Aldi says vandals compromised payments,” Oct. 1, 2010.
Aldi news release, “Aldi Notifies Customers of Tampered Payment Card Terminals,” Oct. 1, 2010.