Recently, a grocery store chain experienced a data breach on a large scale, compromising the payment cards of approximately 2.4 million customers. This case illustrates the danger hackers pose to retail stores and the importance of strong layered security approach to protect the sensitive information of customers. Such technology is used to safeguard retail computers against hackers and can alert organization administrators if the internal system has been or is at risk of being breached.
Schnucks Markets’ computer systems were compromised between December 2012 and March 2013. Currently, the chain is in the middle of a lawsuit agreement to rectify the fact that it may not have properly secured sensitive customer information or notified individuals of jeopardized data in a timely manner.
Customer lawsuits
As a result of the breach, customers who used their cards at any chain location during that time may have had their information stolen. Many reported noticing fraudulent charges on their account statements during this period. Nine Schnucks customers have levied lawsuits against the chain due to the system violation. However, a strong computer monitoring program as part of a software layered security approach could prevent a breach of this kind in retailer IT systems. A protection strategy of this kind utilizes several levels of security to guard a system against hackers at every opportunity. It can also include whitelisting applications and reboot and restore software, which help an organization block malicious programs from the system, and provides administrators a way to restore computers to predetermined settings if they come under attack.
Currently, courts are deciding upon a preliminary deal that recently was presented to St. Louis Circuit Judge David Dowd. As included in the deal, Schnucks would pay $10 per compromised card as well as reimburse customers for expenses which were not returned by their financial institutions, such as overdraft or late fees associated with suspicious charges. Additionally, the chain would pay $10 for each hour spent dealing with fraudulent charges; customers could receive up to $30 for working with their bank to correct the issues.
Furthermore, the grocery chain would have to pay $10,000 for each documented case of identity theft resulting from the computer breach. This reimbursement would be capped at $300,000. However, the business would also have to pay $500 to each plaintiff involved in the lawsuit, as well as pay up to $635,000 in legal fees. Schnucks agreed to the deal, and is waiting on an official ruling from the judge on the case.
Not the only case
The Schnucks case is not the only time a store has experienced such a data breach. Earlier this year, hundreds of customer payment cards were compromised after an Arizona-based supermarket chain’s computer system was hacked.
After noticing several instances of suspicious transactions on customer cards, financial institutions traced the activity back to the Bashas’ Family of Stores, where all compromised cards were used. One security expert said the payment card information was likely stolen through an underground forum. Additionally, Bashas’ administrators said a new malware strain was responsible for leaking data from the chain’s computer system.
In a statement released by Bashas’, the company stated that it identified and removed a “highly sophisticated piece of malware” that is a brand new strain not previously recognized.
“We were recently the victim of a cyberattack by highly sophisticated criminals who gained access to parts of our systems to capture payment information,” read the statement. “The malware has been identified and contained, and we are working with forensic specialists and federal law enforcement officials in their investigation to find those responsible.”
As highlighted by such cases, retail stores should utilize a software layered security strategy to avoid breaches of this kind and enjoy brand loyalty and customer delight.