14 DAY TRIAL // The ALDI grocery chain announced that unknown fraudsters have stolen credit card information from customers by planting rogue payment terminals in its stores.
ALDI Inc. is an international grocery retailer with a presence in Europe, Australia and the United States, where it operates over 1,100 stores across 31 states.
According to the company, the attackers installed the tampered point-of-sale terminals in its stores between June 1 and August 31, 2010.
The company doesn't reveal how the data was actually stolen, but the compromised information includes names, credit card account numbers and PINs.
ALDI customers from eleven states are believed to be affected. These include residents of Connecticut, New York, Georgia, Illinois, Indiana, Maryland, New Jersey, North Carolina, Pennsylvania, South Carolina and Virginia, but in some cases the attacks were limited to specific regions.
The company reviewed the terminals in all of its stores and believes to have removed all the rogue ones. It also notes that law enforcement authorities are currently investigating the breach and that it doesn't think its own employees were involved in the scheme.
"We take our obligation to safeguard our customers’ personal information very seriously and we sincerely regret that this incident may affect our customers," said [pdf] Terry Pfortmiller, Vice President of Finance & Administration, ALDI Inc.
The company doesn't mention any free credit monitoring subscription, but does advise customers to review their credit card statements and credit reports for suspicious activity.
The use of tampered payment terminals is not a new practice in the criminal world. Back in 2008 we reported that authorities in Europe have uncovered a highly sophisticated criminal network, which installed thousands of rogue card readers in retail stores across Europe.
The terminals were sending captured data to fraudsters over mobile telephone networks and were modified since before they even left the manufacturing factory in China.