If you’ve shopped at Safeway in California or Colorado recently, you may want to check your bank accounts. The supermarket chain has admitted that it’s investigating card skimming attacks at several of its stores in those states.
Krebs on Security reports that financial institutions are investigating a series of attacks that seem to have taken advantage of compromised credit card terminals in Safeway stores. So far, it appears that specific lanes were targeted in stores, though currently Safeway hasn’t announced which of its branches were affected. Krebs does, however, point out that his sources tell him the attacks seem to be linked to Arvada, Conifer, Denver, Englewood, Lakewood, Castro Valley, and Menlo Park.
Perhaps more worrying is the fact that the scam may not be isolated to the supermarket chain. A Safeway spokesperson called Brian Dowling told Krebs that “this is not unique to our company, and we understand some other retailers may have been more significantly impacted.” It’s unclear which retailers he’s referring to, though it is thought that the attacks may have been occurring since early September.
While it’s unclear how the attacks may have taken place, the processes involved must have been elaborate. To obtain card data and PINs, the criminals must have had physical access to the machines at some point. Indeed, Krebs speculates that “skimming incidents involving checkout lanes in retail locations generally involve someone on the inside at the affected retailer.”
In the meantime, the advice remains the same: be wary of suspicious looking pay points, pay using credit card where you can, and alert your bank as soon as you notice any unauthorized activity on your accounts.
Image by Thomas Hawk under Creative Commons license