Consumers who shopped at any of the 79 Schnucks stores reporting potential card number theft are considered at risk for possible fraud.
Only card numbers and expiration dates were stolen from 2.4 million customers' credit and debits card, not cardholder names or addresses.
Dr. Vijay Anand of Southeast Missouri State University’s cybersecurity program says such limited information can still allow the culprits to create copycat cards. Anand says copycat cards could only be used at locations not protected by the Payment Card Industry Data Security Standard, but the risk is still real.
Anand says it is important to learn more about the compromised database’s security features.
“If they were able to get to the card number, is the database that is holding this card number secure enough, and what are the measures that the business is doing to protect this information? Those are other questions that have to be asked,” Anand said.
This type of attack is more common now because of an increase in electronic payments worldwide. The most notorious attack was in 2007 when T.J. Maxx experienced a security breach of information from almost 46 million cards.
Chris Thetford is the Vice President of Communications at the St. Louis Better Business Bureau. He says the Schnucks security breach could still lead to fraudulent issues for cardholders.
“The information that Schnucks has confirmed that was stolen by the thieves would be enough for people to use that information to create copycat cards, credit cards or debit cards, with those numbers on it,” Theford said. “So people do need to watch their bank and checking accounts.”
The Bureau still recommends that using debit and credit cards at Schnucks is safe.