Bashas' – the Arizona-based grocery chain – is informing customers that it has fallen victim to a highly sophisticated cyberattack that targeted the payment information stored on its systems.
The company’s representatives say they’re compliant with all PCI security requirements, but the malware they’ve identified on their systems is new and sophisticated.
“The malware has been identified and contained, and we are working with forensic specialists and federal law enforcement officials in their investigation to find those responsible,” the company stated.
Bashas' has deployed additional security measures to protect the sensitive information stored on its computers, but customers are strongly encouraged to monitor their finances.
According to BankInfoSecurity, the breach – discovered on February 5 – affects credit and debit card holders who have made purchases at one of the 130 establishments from Arizona.
The Lake Havasu City Police Department received numerous credit card fraud reports over the past period. On February 1, the department revealed that it had found “a common nexus of transactions to have occurred at either Bashas’ or Food City.”
Authorities learned that the crime trend affected not only the State of Arizona, but also California and New Mexico.
Lake Havasu City police representatives told BankInfoSecurity that they believed the breach took place sometime in December.
“Our detectives have been in contact with neighboring jurisdictions and they have been overwhelmed by reports coming in to them as well. They are just now getting fraud reports en masse,” Sgt. Troy Stirling, a spokesman for the Lake Havasu City police, said.
This isn’t the only major data breach that occurred over the past few months. In October 2012, Barnes & Noble came forward admitting that hackers stole credit card information from 63 stores.
At the beginning of this year, the Georgia-based Zaxby’s restaurant chain also said that it had found pieces of malware on the computers of over 100 of its establishments.