Grocery Chain Reveals Impact of POS Network Breach
The Schnucks Markets grocery store chain reports that about 2.4 million debit and credit cards were probably exposed in a breach of its point of sale network in December 2012. The company verifies that malware designed to access card numbers was uncovered on its network, eliminating the likelihood that the breach stemmed from an insider scheme or POS-device tampering. Schnucks says it is working with its unnamed payment processor to alert card brands and card-issuing banking institutions of all potentially compromised card numbers. The grocer says card brands notified it on March 15 that fraudulent activity on 12 credit cards had been connected to Schnucks by card-issuing institutions. Schnucks hired Mandiant to review the breach, and worked with the forensics investigation company to contain and hinder the attack. Schnucks also notes it was complying with the PCI Data Security Standard as of its most recent audit in November. Gartner analyst Avivah Litan says the apparent ineffectiveness of PCI compliance at breached entities and merchants should be more deeply probed.
From “Schnucks: Millions of Cards Exposed”
BankInfoSecurity.com (04/16/13) Kitten, Tracy