Breach affects payment cards used at hundreds of Fred’s Super Dollar stores in 14 states

Fred's Inc. confirmed that an unauthorized person gained access to two servers that payment card data is routed through after cards are swiped at Fred's Super Dollar stores, and placed a program capable of making a copy of the payment card data.

How many victims? Undisclosed.

What type of personal information? Track 2 card data, including card numbers, expiration dates and verification codes.

What happened? An unauthorized person gained access to two servers that payment card data is routed through after cards are swiped at Fred's Super Dollar stores, and placed a program capable of making a copy of the payment card data.

What was the response? The incident has been contained. Fred's is supporting a law enforcement investigation, is working with payment card companies, and is implementing enhanced security measures.

Details: The program was placed on both servers on March 23 – it stopped operating on one server on April 8, and stopped operating on the other server on April 24. Throughout that time period, hundreds of stores were impacted across 14 states, including Alabama, Arkansas, Florida, Georgia, Illinois, Kentucky, Louisiana, Missouri, Mississippi, North Carolina, Oklahoma, South Carolina, Tennessee, and Texas.

Quote: “Transactions for half of our stores are routed through one server and the other half of our stores are routed through the second server,” an FAQ said.

Source: fredsinc.com, “Fred's Inc. Identifies and Stops Payment Card Security Incident,” August 2015.