Days after St. Louis-area police warned local shoppers not to use credit cards at Schnucks, the grocery chain has announced it’s “found and contained” a credit card hack and that it’s safe to shop with credit and debit cards again. But for some shoppers, the damage – financial and otherwise – is already done.
In a news release issued this morning, Schnucks said the computer forensic firm it’s working with found evidence of a cyberattack, in which the hackers were able to capture the magnetic stripe data from credit and debit cards as they were swiped.
“The security enhancements we have implemented in the last 48 hours are designed to block this attack from continuing,” Schnucks CEO Scott Schnuck said in a statement. “Our customers can continue using credit and debit cards at our stores.”
Unfortunately – for Schnucks – word of the cyberattack got out before the company was able to contain it (read: “Fraud Alert: Police Warn Not to Use Credit Cards at Schnucks”). So for a couple of weeks, it stayed largely silent as customers wondered whether it was safe to shop there at all. Police suggested that customers use cash at Schnucks, while Schnucks offered no opinion on the matter.
Some security experts say cyberattacked stores are typically advised not to sound alarm bells until the problem is solved. But customers say the least the company could have done was warn them that maybe it wasn’t a good idea to use credit or debit cards, while there was a good chance their cards were still being compromised. “I don’t understand why Schnucks can’t put a sign at the door saying: ‘Use your credit card at your own risk. We’re still having a problem,’” one shopper told the St. Louis Post-Dispatch. “They’re just letting people use their cards and not saying anything.” Numerous commenters on Schnucks’ Facebook page wondered the same thing.
In its news release, Schnucks offered this response: “Since Schnucks first received notice of this issue, our team and the computer forensics experts we hired have been working non-stop to find and contain the issue. We made this announcement as soon as we finished the work to contain the issue.”
Some customers are expressing sympathy for Schnucks, saying it didn’t invite the problem and did everything it could to solve it. “It is better to wait till you have facts before you say too much,” one Facebook commenter noted. But others aren’t buying the store’s explanation. “It’s about time for your delayed apology,” wrote another commenter. “You could’ve done this at least a week ago. It wouldn’t have hampered your investigation in any way.”
Schnucks’ competitor Dierbergs says it’s experienced an increase in business since Schnucks’ woes first came to light. The chain says it recently invested in a new encryption system designed to protect against cyberattacks.
Local banks are reporting losses of tens of thousands of dollars – each – and complaints from customers are still piling up, so the true extent of the problem isn’t yet known. Schnucks says it’s still working to get to the bottom of it. “We apologize for any inconvenience this may have caused our customers,” its news release concludes, “and we thank each of them for their patience while we worked hard to investigate their concerns.”
