Costco Disclosed Data Breach After Finding Credit Card Skimmer (bleepingcomputer.com) 17
Costco Wholesale Corporation has warned customers in notification letters sent this month that their payment card information might have been stolen while recently shopping at one of its stores. BleepingComputer reports: Costco discovered the breach after finding a payment card skimming device in one of its warehouses during a routine check conducted by Costco personnel. The company removed the device, notified the authorities, and is now working with law enforcement agents who are investigating the incident. "We recently discovered a payment card skimming device at a Costco warehouse you recently visited," Costco told potentially impacted customers in breach notification letters. "Our member records indicate that you swiped your payment card to make a purchase at the affected terminal during the time the device may have been operating."
Costco added that individuals impacted by this incident might have had their payment information stolen if those who planted the card theft device were able to gain access to the info before the skimmer was found and removed. "If unauthorized parties were able to remove information from the device before it was discovered, they may have acquired the magnetic stripe of your payment card, including your name, card number, card expiration date, and CVV," Costco revealed. The retailer advised the customers to monitor their bank and credit card statements for fraudulent charges and report suspicious transactions to relevant financial institutions. Data breach notification letters sent to affected individuals did not disclose the total number of impacted customers or the warehouse location where the skimmer device was found.
Costco added that individuals impacted by this incident might have had their payment information stolen if those who planted the card theft device were able to gain access to the info before the skimmer was found and removed. "If unauthorized parties were able to remove information from the device before it was discovered, they may have acquired the magnetic stripe of your payment card, including your name, card number, card expiration date, and CVV," Costco revealed. The retailer advised the customers to monitor their bank and credit card statements for fraudulent charges and report suspicious transactions to relevant financial institutions. Data breach notification letters sent to affected individuals did not disclose the total number of impacted customers or the warehouse location where the skimmer device was found.
News? (Score:1)
This happens every single day. Especially at gas station pumps. What's newsworthy about this, or am I missing something? This affects, what, maybe a hundred people that used that POS?
Re: (Score:1)
Re:News? (Score:5, Insightful)
I think the news here is that they handled it properly and responsibly.
This wasn't due to carelessness with data, or because they did something dumb ... someone physically installed a skimmer in their store. They discovered it doing a physical security check (good practice), notified anyone affected (good practice), and offered identity theft support to everyone involved (good practice.)
The only "news" to this, IMO, is that they handled it exactly how it should be done.
I would expect nothing less from Costco.
Re: (Score:2)
This affects, what, maybe a hundred people that used that POS?
It should only affect those who used magstripes. Skimmers don't work on chips.
We need to phase out magstripes.
Swiped the card? (Score:4, Informative)
At my local Costco, the POS devices have been NFC-enabled for several years. You can either just touch your card to the screen, or use an NFC payment device (I typically use my Apple Watch).
Costco - perhaps my favorite retailer (Score:3)
It's amazing how much stuff Costco sells that I end up "needing". It's a good thing I'm a disciplined buyer.
Costco treats their employees well; Costco treat me well, and they have good stuff.
I hope they don't end up earning a black eye over this.
As someone else mentioned, their credit cards have been NFC enabled for a long time. The tap makes filling up with gas as fast as humanly possible - though there always seems to be someone taking their sweet time adding petrol to their vehicles....
Re: (Score:2)
It's amazing how much stuff Costco sells that I end up "needing".
Like their raspberry crumble cookies? I "need" those far too often.
Accenture (Score:2)
Saw on a link on the article's page that Accenture had a data breach as well [bleepingcomputer.com]. I guess that's not surprising given that it is Accenture.
No information provided (Score:3)
It says they have 737 stores and found a skimmer at 1 (one) store.
And they don't tell us which store, or even which country it was in.
I assume this is a paid slashvertisement by Wally World?
Re: (Score:2)
If that's a Wal-Mart hit piece, it won't work. The incident makes Costco look responsive to their customers. It's a show of competence to find a problem quickly, alert those affected, and bring in law enforcement promptly to track down the criminals responsible.
Re: (Score:2)
Yeah, Costco handled it very well.
Found some more information somewhere else.
Chicago-area, 5 skimmers. Unclear if they were all at the same store, but it seems to be the case. They only captured magnetic stripe information, so these were probably on gas pumps.
Use Mobile Wallets (Score:1)
Time for tracking headers on card swipes? (Score:2)
Is it time for tracking information to be added for debit & credit card swipe transactions?
Like:
- Serial number of original card reader
- Every switch & route that touched the packet
- Processing center's computer(s)
- Bank that issued the card and is getting payment
Not claiming it's a good idea, or practical. But, in Costco's case, they might be able to track each and every user of that debit & credit c