At some point in your electronic lives, most, if not all, of you have received e-mail from an entity which claimed to be your credit card company, but which turned out to be fraudulent. 3CM is no exception, and one recent message looked suspicious that way. It said that I was to be issued a new credit card soon, with a new account number. I couldn't imagine why, so I thought of forwarding that to my credit card firm's e-mail address for reporting spam. However, being a lazy loser, I didn't do so.
That turned out just as well, because when I later logged into my cc account, I saw a new account number that matched the apparent spam message. Later on, there was a phone message that sounded like a generic taped message which mentioned "possible credit card compromise at an undisclosed merchant", or words to that effect, but where both the old and new account #'s jibed. The penny finally dropped after I finally connected the dots, more or less, after reading a local newspaper headline (on-line). More below the flip....
For whatever reasons resembling discretion or some such thing, my cc company chose not to "name names" regarding the "undisclosed merchant". However, once I finally got it, it took no time to realize that the undisclosed merchant in question is this business. Local coverage in the Post-Dispatch began almost 4 weeks ago, and has kept pace in subsequent weeks, with the P-D's Georgina Guston doing a very good job of keeping on the story. You can read her key articles from the following links:
1. Gustin, 3/28/13
2. Gustin, 3/29/13
3. Kavita Kumar and Georgina Gustin, 3/31/13
4. Gustin, 4/7/13
5. Gustin, 4/9/13
6. Gustin, 4/10/13
7. Gustin, 4/15/13 (1st article of the day)
8. Gustin, 4/15/03 (2nd article of the day)
It's obviously very serious to learn that up to 2.4M credit and debit cards might have been compromised at the various Schnucks locations over a period of several months. Schnucks also earned a lot of wrath from customers over the perceived slow response to the security breach, leading to a lawsuit (of course), as noted by Gustin in her 4/10/13 article.
In an academic sense, it is interesting to read how hackers target supermarket chains compared to other shopping firms, as noted in Gustin's 3/29/13 article:
"'Supermarkets are one of those industries with very thin margins,' [Gary Palgon of Liaison Technologies] said. 'They don't have a lot of money to spend, and they haven't spent a lot of time and money to improve security as the should or could.'
The situation strikes some analysts as unfair and burdensome to retailers at large, and to grocery chains specifically.
'The banks have stacked the system. They're [sic] shifted the cost to retailers, and it's not right for retailers to take the hit,' said Avivah Litan, a security analyst with Gartner Inc., a technology research and advisory firm. 'It's very frustrating for grocery chains because their margins are so thin.'"
For all the brickbats aimed at Schnucks for the inadequacies of their response, it might be easy to forget who the real villains are here, namely the hackers themselves. Gustin noted in her 4/7/13 article:
"As the data security industry tries to keep pace with hackers, working in China or Eastern Europe or the next state over, they're losing. The bad guys of cyber crime appear to be a step ahead."
Corporations may be, and often are, stupid in their reactions to situations like this. But in this case, it bears remembering Schnucks did not commit these defraudings of their customers. The hackers did that. Of course, it's almost impossible to lash out at the hackers, since we don't know who they are. So it's easier to slam the big corporation here, even though, for once, it is a victim of crime rather than a perpetrator. (Yes, Kossacks, such a thing is possible.)
I'm not really here to render any sort of harsh judgment on Schnucks, as readers have already done so in the comment sections in the articles. This is because I was very, very late in becoming aware of this story, much later than I should probably admit. Having then caught up on this story, I went back and looked at my recent credit card statements to see if there were any invalid charges that I missed. I lucked out, at least so far. Still, I'll have to peruse upcoming statements more carefully for a while now. Plus, by happenstance, I've started to use cash a bit more often at Schnucks recently, even while I wasn't aware of the credit card breach situation. (If nothing else, it's convenient for getting change from using $20's.)
So the morals of the story, such as they are, are old ones in the credit card age:
(a) Hacking is wrong, and;
(b) Always be careful in how you use your credit card, because of losers who perpetrate (a).
Time will tell if 3CM proves to be one of the unfortunate 2.4M. With that, time for the usual SNLC protocol below, namely your loser stories of the week, which may or may not involve credit cards.
One final note: I am not here to monitor tonight's SNLC, but Richard Cranium has kindly offered to blogsit in my absence. So be nice to him :) . Others are welcome to help with blogsitting also.....