Schnuck Markets Inc. has been under fire since late last month, when reports of unauthorized card use started emerging, with customers seeing charges ranging from a couple of dollars to thousands. These breaches can cost companies millions in investigative and legal bills, lost business and fines.
Sunday’s statement from the company is the first to reveal the extent of the breach. As many as 2.4 million credit and debit cards used at 79 Schnuck stores may have been compromised over a three-month period, leading to widespread fraudulent charges at locations around the globe, the company said Sunday.
“On behalf of myself, the Schnuck family and all of our 15,000 teammates, I apologize to everyone affected by this incident,” said Scott Schnuck, in a written statement. “Over the years, technology has helped us deliver superior customer service, but it also introduces risks that we have actively worked to manage through compliance audits, encryption technology and various other security measures.”
Payment card companies impose “stringent rules” and require any merchant that accepts credit cards to adhere to industry standards for data security, including annual audits. Schnuck says it underwent such an audit in November last year and passed.
However, it is debatable how “stringent” the rules imposed by PCI are and whether they are sufficient to foil the increasingly sophisticated hacker attacks aimed at stealing data. Experts said the problem is so great that the data security industry is scrambling to get ahead of hackers, and in many cases the hackers are winning.
Unfortunately, smaller businesses and local retail store chains are increasingly becoming targets for hackers because they’re perceived as having weaker security systems. An Arizona-based grocery chain, similar in size to Schnuck, was hacked in February.