ST. LOUIS Credit unions and banks in as many as 17 states are blocking and reauthorizing credit and debit cards as a response to a major data breach revealed at regional supermarket chain Schnucks.
Schnucks said the breach impacted about 2.4 million credit and debit cards used at 79 of its 100 stores over the past three months. The company said the breach affected card numbers and expiration dates only. No names, addresses or other personal information was taken, it said.
“On behalf of myself, the Schnuck family, and all of our 15,000 teammates, I apologize to everyone affected by this incident,” said Scott Schnuck. “Over the years, technology has helped us deliver superior customer service, but it also introduces risks that we have actively worked to manage through compliance audits, encryption technology and various other security measures.”
Meantime, several cardholders sued Schnucks yesterday, claiming the company did not warn customers about the breach that led to fraudulent charges on customers’ credit cards. The group claims that Schnucks learned of the data breach on or about March 15, but did not inform the public with a press release until March 30. The lawsuit, which was filed Monday in St. Louis Circuit Court, seeks class-action status.
Schnucks said it was the victim of hackers who gained access to credit card and debit card information of customers. The company says it has contained the breach, but advised customers to continue monitoring their accounts for fraudulent charges.
The lawsuit accuses Schnucks of violating a Missouri law that requires a company with access to personal and financial information to disclose that a breach of information has occurred.
