SAN FRANCISCO (12/12/11)--A San Francisco-area Lucky supermarket stores card-reader scam that led to identity theft for some store employees and customers has others worried about their debit or credit card accounts. However, financial institutions are aware of the situation and those affected do not need to close their financial accounts, said the California Credit Union League.
The store chain announced Dec. 5 that thieves placed card skimmers into the readers of self-checkout terminals at 23 stores, capturing personal information from 23 customers and 80 employees. Money was stolen from some victims' checking accounts. Store officials had advised anyone who used the terminals in recent months to immediately close their accounts and seek advice from their financial institutions.
However, consumers "should not be inconvenienced by opening a new account, nor is that advisable," said Diana Dykstra, president/CEO of the California and Nevada Credit Union Leagues. "Financial institutions have been notified about cards that could have been compromised, so they can now monitor accounts for possible fraud and provide that information to consumers."
If needed, consumers can get a new credit card or debit card account number over the phone or online, rather than having to go to the trouble of visiting a financial institution, the league said.
The company first learned of the breach around Nov. 11 and sent out a consumer advisory on Nov. 23, according to a company spokesperson. It has no estimate on the number of victims and said reports keep coming in.
"Thousands more could be at risk," Dykstra said.
SaveMart, the parent company of Lucky, said it checked all its stores and its card readers now are safe. It operates 233 stores in Northern California and Northern Nevada under the Save Mart, S-Mart Foods, Lucky, and FoodMaxx banners.
"It is important for the sake of the consumer that merchants quickly respond when these types of breaches occur," Dykstra said. "It is just as imperative that merchants be more responsible for the effect these types of breaches can have on financial institutions that absorb the costs of re-establishing accounts and reissuing cards."
A card breach at a chain supermarket in 2008 resulted in a major compromise of a large number of customers' accounts, with significant losses to consumers and credit unions.
In the Hannaford Bros. supermarket credit and debit card breach, which occurred between Dec. 7, 2007 and March 10, 2008, it is estimated that the card numbers of more than four million people were stolen in the security breach. During the breach, cyber criminals hacked into Hannaford's system and accessed card numbers used at 165 Hannaford supermarkets in the Northeast and 106 Sweetbay stories in Florida (News Now Nov. 21).
At least 1,800 numbers were used for unauthorized fraud. Hannaford discovered the breach in February 2008 and made it public March 17, 2008. Many credit unions were among the financial institutions that reissued new cards to consumers.