Schnucks Runs Full-Page Ad Apology for Credit-Card Scandal As Lawsuits Allege Negligence

scott-schnuck.jpg
via
Scott Schnuck.
Scott Schnuck, chairman and CEO of Schnucks, is really sorry about the massive credit-card security breach at his 79 stores -- and he took out a full-page advertisement in the Sunday Post-Dispatch to express his remorse.

"We realize that with the recent credit card issue we fell short of expectations. On behalf of my family and company, I sincerely apologize to you, our customers and teammates, for how this incident affected you, your friends and family," Schnuck writes in the ad. "I also want you to know what we are doing to ensure it never happens again."

His message also includes a response to one of the central questions raised in a new class-action lawsuit that we wrote about last week: Did Schnucks wait too long to spread the word that millions of customers' credit cards may have been compromised?

See also:
- Schnucks: Massive Credit Card Security Breach May Have Impacted 2.4 Million People
- After Massive Credit Card Security Breach, Schnucks Faces Class-Action Lawsuit
- Cops: Boy, 5, Wandering Schnucks Alone at Night, Doesn't Know His Last Name

As we reported last month, Schnucks' security breach, stemming from some sort of "cyber attack" that affected a majority of its stores for months, put about 2.4 million credit and debit cards at risk.

Schnucks has repeatedly insisted that cardholders' names and addresses or other identifying information were not compromised, but that numbers and expiration dates could have been accessed.

Video apology from April.

The company is now facing separate lawsuits in Missouri and Illinois -- and in the latter, one of the key allegations is that Schnucks had an obligation to report the breach to the public sooner than it did. The company formally announced that it had contained the breach on March 30 -- but said that cards could have been affected starting in December of 2012.

In his apology ad, Schnuck writes:

-When we first learned there might be an issue, we notified law enforcement and hired Mandiant, one of the nation's top forensic firms. Investigators worked non-stop to find the cause and block it from continuing.

-Our March 30 announcement that we shut down the attack came just 36 hours after we located the problem. Prior to that time, we had not found any evidence of an issue on our network.

This will likely be a key legal argument of the company going forward -- that it informed customers as soon as it could. The customers and attorneys suing the company will aim to establish that Schnucks -- in addition to letting this breach happen in the first place -- was negligent with a delayed announcement.

His letter to customers also says, "This event was unlike anything we have ever experienced. A cyber-attack is not like a bank robbery where you know immediately when it occurred and who was affected. The investigation requires painstaking analysis of digital evidence that takes time."

Schnuck says the company worked with its payment processor and credit-card companies to provide at-risk numbers to banks so they could block fraud and issue new numbers. "However," he says, "the best way to avoid fraudulent charges as a result of this incident is to obtain a new card number. If you have not taken this step, please watch your statements carefully and notify your card provider of suspicious charges."

Schnucks, in a post on Facebook this morning, explained that the CEO chose a Post-Dispatch ad, in part, because "we have no way to match card numbers to names and addresses to contact you directly."

Here's the full text of the Sunday ad.

For more than seven decades you have always been able to depend on Schnucks to provide a unique combination of quality food, variety, value and service - both in our stores as well as in our communities.

We realize that with the recent credit card issue we fell short of expectations. On behalf of my family and company, I sincerely apologize to you, our customers and teammates, for how this incident affected you, your friends and family.

I also want you to know what we are doing to ensure it never happens again.

This event was unlike anything we have ever experienced. A cyber-attack is not like a bank robbery where you know immediately when it occurred and who was affected. The investigation requires painstaking analysis of digital evidence that takes time.

-When we first learned there might be an issue, we notified law enforcement and hired Mandiant, one of the nation's top forensic firms. Investigators worked non-stop to find the cause and block it from continuing.

-Our March 30 announcement that we shut down the attack came just 36 hours after we located the problem. Prior to that time, we had not found any evidence of an issue on our network.

-We moved quickly to share what we knew, when we knew it, through a variety of media. Our Consumer Affairs team and store management continue to work directly with customers.

-Because we have no ability to match card numbers with cardholder names, we could not contact you directly, so we shared important facts through media statements, postings on our website and signs and flyers in our stores.

-We have always sought to maintain a secure processing environment, including using encryption technology. We also participate in annual third-party audits of our security measures, the last of which was in November 2012.

-We have implemented new security measures and will continue to invest in security so that you can use your cards with confidence in our stores.

We worked with our payment processor and the credit card companies to provide at-risk card numbers to banks so those banks could block fraud and issue new numbers. However, the best way to avoid fraudulent charges as a result of this incident is to obtain a new card number. If you have not taken this step, please watch your statements carefully and notify your card provider of suspicious charges.

I give you my personal pledge that we will be relentless in working to maintain a secure payment processing system.

I thank those who helped to get us to this point including Mandiant, the Secret Service and FBI, our credit card and banking partners and Schnucks teammates across the company. Most importantly, I thank all of you, our valued customers, for your continued support.

Finally, I assure you that - guided by the same principles, values and commitment to customers that have served us for nearly 75 years - Schnucks is the same family company today that we were before this incident and, in the months to come, we will work hard to continue to demonstrate that.

Sincerely,

Scott C. Schnuck
Chairman and CEO

Send feedback and tips to the author. Follow Sam Levin on Twitter at @SamTLevin.



Advertisement

My Voice Nation Help
22 comments
Adam Usher
Adam Usher

We got a call yesterday that our card was used in a Illinois Home Depot for $209. I haven't use that card in over a month since this all started. Thanks Schnucks for keeping this hidden for so long.

Tony Merklin
Tony Merklin

To the Schnucks Brothers Scott & Craig: Do What your Father and Grandfather would have done !!!! Make your Customers Whole Again .........that's What's Expected..............

John L. Williams
John L. Williams

I like Schnuck's stores. But I think they should do an in store credit card like Target does. Then people can get 5% off their purchases and not get "Schnucked."

Blair Z. Halpern
Blair Z. Halpern

US Bank took care of me fine - closed my card, issued a new one at no cost. Minimal hassle being without that card for a few days. No big deal. I can't believe anybody would put up with paying for a new card like Lisa Haggnauer says PNC is doing.

Christine O'Neill
Christine O'Neill

Lisa, time for you to switch to a new bank, if they're seriously charging you for new card. My credit union issued me a new card, without asking (my account hasn't been compromised, though I've been keeping an eye on it in case). Get a bank that treats you like a valued customer.

Shane Smith
Shane Smith

Schnucks grocery will officially be changing their name to, Shucks grocery.

Cappy Sue
Cappy Sue

I do not forgive Schnucks nor care about there stupid apology page. What would of impressed me is if they had been in a rush to get it out to the news, put up signs letting people know in store that cards may not of been safe. Then I would care. To date nothing but a giant bunch of bad business people is how I see them.

Chris McDaniel
Chris McDaniel

Shit happens... This is the new terrorism, get used to it. Also, if your bank isn't stepping up to protect you — time to shop for a new bank.

Brian Artimisi
Brian Artimisi

Just when we thought they couldn't do anything dumber, they do something like this...AND TOTALLY REDEEM Themselves!

Jessica Kruse
Jessica Kruse

i have to pay credit card financing on any purchases made while waiting for my new bank card to arrive. pain

Matthew Pickett
Matthew Pickett

First, why did it take so long for them to do this? Second, are they going to offer something to the impacted shoppers (such as a grocery card)? If not, they are inviting a class action suit - especially since they have stores in one of the least defendant-friendly court systems in the entire country.

Bob Dre
Bob Dre

I almost used credit at schnucks recently, almost.

Todd Alan
Todd Alan

^^^^sorry I don't buy that story. The breech was months ago. Its true that unless people get new cards, their accounts could be hit days, weeks or months later as the hackers sell the numbers all over the world. Unless it's proven Schnucks failed the annual security audits or cut corners on IT security etc this is an unfortunate incited that Schnucks just happened to be the victi. Chosen

Lisa Scaturro Hagnauer
Lisa Scaturro Hagnauer

Yes it happens but my bank PNC is charging people to get new cards! That makes me more upset then this actually!

Karen Hall
Karen Hall

considering they're claiming it's taken care of and one of my friends and their BRAND NEW CARD got hit three days ago, no. i don't. i still shop there, if i have to but on;y use cash. this should have been handled a lot differently.

Lauren M Brace
Lauren M Brace

For those who don't have fraud protection on their card this security breach is detrimental.

Stephen Francis Engelmeyer
Stephen Francis Engelmeyer

yes, and even early on to me when this news first broke it was quite clear for me even then to be concerned. People should chill out on slamming Schniucks.

Kyle Jones
Kyle Jones

Oh. They said they were sorry. Sounds perfect. All is forgiven.

Now Trending

St. Louis Concert Tickets

From the Vault

 

General

Loading...