Schnuck Markets says more than two million customers in the St. Louis area may have been impacted by a data breach that stretched from December 2012 until March 29.
The company said in a statement today that the cyber-attack possibly affected 79 of its 100 stores. Officials emphasized that the hackers only accessed the credit card numbers and expirations dates of victims - not their names, addresses or any identifying information.
The company first learned of the breach on March 15, and four days later hired a Virginia-based company to conduct a full investigation. The company says the breach was controlled by March 30, and the investigation is wrapping up.
Scott Schnuck, the company's chairman and CEO, issued the following statement:
"On behalf of myself, the Schnuck family, and all of our 15,000 teammates, I apologize to everyone affected by this incident. Over the years, technology has helped us deliver superior customer service, but it also introduces risks that we have actively worked to manage through compliance audits, encryption technology and various other security measures.
We've worked hard to provide a secure transaction environment for our customers and, today, I make a personal pledge to you that we will be relentless in maintaining the security of our payment processing system. We expect that the actions we have taken and will take in the future will send a clear signal that our customers may continue to trust us."
Schnucks says it's working to send all of the potentially affected card numbers to credit card companies so they can send alerts to the issuing banks.
- See the list of the 79 stores that were potentially affected.
- Customers who have questions can call 1-888-414-8022 between 9 a.m. and 5 p.m. Monday through Friday, and between 9 a.m. and 4 p.m. on April 21 and 22.
Follow St. Louis Public Radio on Twitter: @stlpublicradio