Schnucks Will Post List Of Stores Hit By Cyberattack

The grocer is still investigating the scope of a data breach that compromised debit and credit card information.

A Schnucks spokesperson Tuesday could not specify exactly when, but said the grocer will identify a list of stores impacted by a cyberattack last month which left customers vulnerable to identity theft and fraudulent charges on their debit or credit cards along with a timeframe if when they were vulnerable.

The company has already announced that it had "found and contained" the problem, but hasn't said exactly how it happened. "We have never spoken to scope of this because we just don't know it," Lori Willis said by phone Tuesday morning.

The company released a weekend statement updating the situation, which you can read below.

"We announced on March 30 that we had found and contained the issue.  We strongly believe our containment measures were successful – we have not seen any indication of unauthorized access since those measures were implemented.

Please be assured that the security of our customers’ information is a top priority.  We have been working non-stop to contain this issue, protect customers whose cards may have been accessed, and implement security enhancements to prevent a reoccurrence.  Since we found and contained the issue, our forensic investigation has been focused on identifying each store that was affected and the dates during which cards could have been accessed at each store.  As soon as we complete that analysis in the coming days, we will provide that information to the credit card companies so that they can notify all of the banks who issued cards that may have been accessed.  Those banks will then be able to conduct additional monitoring of those cards or cancel and reissue new cards.  We will also post a list of those stores and the timeframes on our website.

We have been listening intently to our customers since this incident first began.  Our Consumer Affairs department has talked to more than 1,500 of our customers – providing as much accurate information as was available in addition to identifying steps that they could take to protect themselves from fraudulent charges.   We have also been working with state and federal law enforcement authorities, including the Missouri and Illinois Attorneys General, the Secret Service, and the FBI.

 There are two additional perceptions we want to address:

•       Schnucks did not know on March 15 that it had been the victim of a cyberattack.  Rather, Schnucks was informed by credit card companies on Friday, March 15 that banks had detected fraud on 12 different credit cards that had been used at Schnucks.  We immediately began an investigation, and engaged forensic investigators from Mandiant, the leading payment card industry forensic investigation firm.  When Mandiant found the first indication of a cyberattack on March 28, Schnucks’ IT department worked with Mandiant for the next 36 hours to contain the incident and block any further access to payment card data.

•       Schnucks continuously works to maintain its payment card processing environment in compliance with the Payment Card Industry Data Security Standards (PCI DSS).  Schnucks hires a third party security assessor every year to validate its compliance with PCI DSS.  At the most recent annual audit in November 2012, Schnucks was validated by its assessor as PCI DSS compliant.

 If you have any additional questions about this matter, please feel free to call 1-888-414-8022 (Monday – Friday 9 am - 5pm CT)."

Willis told Patch that the consumer affairs division has heard from an out of state customer in Iowa and that while nothing is being ruled out, the problem seems to be focused on the St. Louis area.

Experts have said that even though the issue was contained, customers should still be vigilant with their account statements, since the information which was compromised may still be in the process of being sold or otherwise passed on to other people who may still yet incur fraudulent charges

Maureen Saunders April 09, 2013 at 04:47 PM
Brentwood was one of the stores. There were fraudulent purchases on my card and I needed to cancel the card. On another note to tonight Tuesday April 9 at 6.30 pm at Brentwood City Hall I am hosting my monthly ward meeting. All Brentwood residents are invited. We will discuss the Schmucks issue, state audit status , rec center survey, boys hope girls hope and any of your concerns. Please consider attending Maureen
Bob April 10, 2013 at 12:49 AM
Did you mean Schnucks or as written, Schmucks? lol
alan April 10, 2013 at 03:23 AM
was that reallly necessary there are such things as typos that do happen to all of us uggg
R Jones April 10, 2013 at 05:08 PM
I think in this case either spelling works Alan.
Eric Barnes April 11, 2013 at 01:35 AM
The store in O'Fallon at K&N was another store hit. That's where they got mine... and used it in Houston.


More »
Got a question? Something on your mind? Talk to your community, directly.
Note Article
Just a short thought to get the word out quickly about anything in your neighborhood.
Share something with your neighbors.What's on your mind?What's on your mind?Make an announcement, speak your mind, or sell somethingPost something
See more »