Schnucks Runs Full-Page Ad Apology for Credit-Card Scandal As Lawsuits Allege Negligence

scott-schnuck.jpg
via
Scott Schnuck.
Scott Schnuck, chairman and CEO of Schnucks, is really sorry about the massive credit-card security breach at his 79 stores -- and he took out a full-page advertisement in the Sunday Post-Dispatch to express his remorse.

"We realize that with the recent credit card issue we fell short of expectations. On behalf of my family and company, I sincerely apologize to you, our customers and teammates, for how this incident affected you, your friends and family," Schnuck writes in the ad. "I also want you to know what we are doing to ensure it never happens again."

His message also includes a response to one of the central questions raised in a new class-action lawsuit that we wrote about last week: Did Schnucks wait too long to spread the word that millions of customers' credit cards may have been compromised?

See also:
- Schnucks: Massive Credit Card Security Breach May Have Impacted 2.4 Million People
- After Massive Credit Card Security Breach, Schnucks Faces Class-Action Lawsuit
- Cops: Boy, 5, Wandering Schnucks Alone at Night, Doesn't Know His Last Name

As we reported last month, Schnucks' security breach, stemming from some sort of "cyber attack" that affected a majority of its stores for months, put about 2.4 million credit and debit cards at risk.

Schnucks has repeatedly insisted that cardholders' names and addresses or other identifying information were not compromised, but that numbers and expiration dates could have been accessed.

Video apology from April.

The company is now facing separate lawsuits in Missouri and Illinois -- and in the latter, one of the key allegations is that Schnucks had an obligation to report the breach to the public sooner than it did. The company formally announced that it had contained the breach on March 30 -- but said that cards could have been affected starting in December of 2012.

In his apology ad, Schnuck writes:

-When we first learned there might be an issue, we notified law enforcement and hired Mandiant, one of the nation's top forensic firms. Investigators worked non-stop to find the cause and block it from continuing.

-Our March 30 announcement that we shut down the attack came just 36 hours after we located the problem. Prior to that time, we had not found any evidence of an issue on our network.

This will likely be a key legal argument of the company going forward -- that it informed customers as soon as it could. The customers and attorneys suing the company will aim to establish that Schnucks -- in addition to letting this breach happen in the first place -- was negligent with a delayed announcement.

His letter to customers also says, "This event was unlike anything we have ever experienced. A cyber-attack is not like a bank robbery where you know immediately when it occurred and who was affected. The investigation requires painstaking analysis of digital evidence that takes time."

Schnuck says the company worked with its payment processor and credit-card companies to provide at-risk numbers to banks so they could block fraud and issue new numbers. "However," he says, "the best way to avoid fraudulent charges as a result of this incident is to obtain a new card number. If you have not taken this step, please watch your statements carefully and notify your card provider of suspicious charges."

Schnucks, in a post on Facebook this morning, explained that the CEO chose a Post-Dispatch ad, in part, because "we have no way to match card numbers to names and addresses to contact you directly."

Here's the full text of the Sunday ad.

For more than seven decades you have always been able to depend on Schnucks to provide a unique combination of quality food, variety, value and service - both in our stores as well as in our communities.

We realize that with the recent credit card issue we fell short of expectations. On behalf of my family and company, I sincerely apologize to you, our customers and teammates, for how this incident affected you, your friends and family.

I also want you to know what we are doing to ensure it never happens again.

This event was unlike anything we have ever experienced. A cyber-attack is not like a bank robbery where you know immediately when it occurred and who was affected. The investigation requires painstaking analysis of digital evidence that takes time.

-When we first learned there might be an issue, we notified law enforcement and hired Mandiant, one of the nation's top forensic firms. Investigators worked non-stop to find the cause and block it from continuing.

-Our March 30 announcement that we shut down the attack came just 36 hours after we located the problem. Prior to that time, we had not found any evidence of an issue on our network.

-We moved quickly to share what we knew, when we knew it, through a variety of media. Our Consumer Affairs team and store management continue to work directly with customers.

-Because we have no ability to match card numbers with cardholder names, we could not contact you directly, so we shared important facts through media statements, postings on our website and signs and flyers in our stores.

-We have always sought to maintain a secure processing environment, including using encryption technology. We also participate in annual third-party audits of our security measures, the last of which was in November 2012.

-We have implemented new security measures and will continue to invest in security so that you can use your cards with confidence in our stores.

We worked with our payment processor and the credit card companies to provide at-risk card numbers to banks so those banks could block fraud and issue new numbers. However, the best way to avoid fraudulent charges as a result of this incident is to obtain a new card number. If you have not taken this step, please watch your statements carefully and notify your card provider of suspicious charges.

I give you my personal pledge that we will be relentless in working to maintain a secure payment processing system.

I thank those who helped to get us to this point including Mandiant, the Secret Service and FBI, our credit card and banking partners and Schnucks teammates across the company. Most importantly, I thank all of you, our valued customers, for your continued support.

Finally, I assure you that - guided by the same principles, values and commitment to customers that have served us for nearly 75 years - Schnucks is the same family company today that we were before this incident and, in the months to come, we will work hard to continue to demonstrate that.

Sincerely,

Scott C. Schnuck
Chairman and CEO

Send feedback and tips to the author. Follow Sam Levin on Twitter at @SamTLevin.



Sponsor Content

Now Trending

St. Louis Concert Tickets

From the Vault

 

General

Loading...