Schnucks announced Saturday that it "found and contained" a security breach that led hundreds of customers in the metro-east and St. Louis to be victims of credit and debit card fraud.
The company said it once again is safe to use credit and debit cards at the grocery stores.
The chain of 100 stores hired a computer forensic firm that worked nonstop until it discovered evidence of a computer code that captured the magnetic stripe data on the back of payment cards, according to Lori Willis, spokeswoman for Schnuck Markets Inc.
"After an extensive review, we confirmed that Schnucks was the victim of a cyber attack," said Scott Schnuck, chairman and chief executive officer.
The investigation now will focus on the length of time the issue existed, which stores were affected and how many customers were victims.
News of a fraud scam connected to Schnucks became public last week. Customers who shopped at stores throughout St. Louis were determined to be victims, as well as several customers who shopped at the Schnucks in Swansea.
Anna Perret and her husband, of Swansea, discovered about $10,000 missing from their bank accounts after using their debit card at the Swansea location.
"We have identified the issue and taken comprehensive measures to contain the incident," Schnuck said. "We are cooperating with law enforcement, the Missouri Attorney General's Office, and the credit card companies to determine the scope and magnitude of this crime and apprehend those individuals making fraudulent purchases.
"We have been told by the computer forensics expert that the security enhancements we have implemented in the last 48 hours are designed to block this attack from continuing," he continued. "Our customers can continue using credit and debit cards at our stores."
Schnucks advised that if customers suspect their cards may have been compromised, they immediately should contact their bank, credit union or other financial institution that issued their credit or debit cards.
Even though Schnucks has contained the attack, any card that already was compromised still could experience fraud. Once Schnucks identified which cards may have been accessed, it will work with credit card companies and banks so they can take preventative measures, Willis said.
Even if a customer has not noticed fraudulent charges, the bank may choose to cancel and reissue a new card, Willis said.
"We apologize for any inconvenience this may have caused our customers, and we thank each of them for their patience while we worked hard to investigate their concerns," Schnuck said.
Contact reporter Maria Hasenstab at firstname.lastname@example.org or 618-239-2460.