Arizona's Bashas' grocery store chain yesterday announced that it was recently the victim of a cyber attack targeting customers' payment information.
"Bashas' is and has been compliant with all Payment Card Industry (PCI) security requirements. However, we recently located and removed a highly-sophisticated piece of malware that has never been seen before in the industry," the company stated in a consumer advisory [PDF file]. "The malware has been identified and contained, and we are working with forensic specialists and federal law enforcement officials in their investigation to find those responsible."
"Bashas' said in its statement that it has installed additional security measures in its point-of-sale and enterprise systems to further protect customer information," Supermarket News reports. "It has also sent emails to customers and media outlets, and posted notices in all of its stores notifying customers of the situation and asking them to monitor their credit card and debit card accounts."
"An executive with a card-issuing institution that serves the West Coast, who asked not to be named, says fraudulent transactions linked to the Bashas' breach have shown up in international markets," writes BankInfoSecurity's Tracy Kitten. "'From what we are seeing, this is a corporate breach that is very active with fraud occurring worldwide,' the executive says."