St. Louis-based Schnuck Markets, Inc., has stated that between December 2012 and March 29, 2013, the card numbers and expiration dates for approximately 2.4 million credit and debit cards used at 79 of the supermarket chain's 100 stores may have been compromised (h/t Help Net Security).
A list of the potentially affected stores can be viewed here.
According to the company, Schnucks was first informed by credit card companies on March 15, 2013 that fraud had been detected on 12 different cards that had been used at the company's stores. On March 19, company hired threat detection and response company Mandiant, which uncovered the first indication of a cyber attack on March 28. The issue was then contained within 36 hours.
"We have been working with our payment processor to provide all potentially affected card numbers to the credit card companies so that they may send alerts to the card issuing banks," the company said in a statement. "Those banks will then be able to take steps to protect their cardholders, such as adding enhanced transaction monitoring or reissuing a new card if these measures have not been taken already."
Customers with questions are advised to call (888) 414-8022. Anyone who incurred fees or fraudulent charges is asked to mail a "request for consideration of reimbursement with documentation of the expense" to the company's corporate offices.
"Over the years, technology has helped us deliver superior customer service, but it also introduces risks that we have actively worked to manage through compliance audits, encryption technology and various other security measures," company chairman and CEO Scott Schnuck said in a statement. "We’ve worked hard to provide a secure transaction environment for our customers and, today I make a personal pledge to you that we will be relentless in maintaining the security of our payment processing system."