Top

blog

Stories

 

Schnucks Didn't Break Law, Is Also Victim in Credit Card Breach, Attorney General Says

scott-schnuck-ceo.jpg
via
Scott Schnuck, CEO.
The class-action lawsuits against Schnucks allege that the company was negligent in its handling of a massive security breach that potentially compromised millions of credit and debit cards. Customers seeking damages across Missouri and Illinois argue that the company had an obligation to tell patrons sooner than it did.

The Missouri Attorney General's office, however, has a different take on the breach: Schnucks is a victim, too.

"After reviewing the records and speaking with forensic investigators, we did not find that Schnuck Markets violated Missouri laws regarding data security," Nanci Gonder, spokeswoman for the attorney general, tells Daily RFT in an e-mail. "We are of the opinion that Schnuck Markets was itself a victim of criminal wrongdoing which remains under investigation by authorities."

See also:
- Schnucks: Credit Card Security Breach May Have Impacted 2.4 Million People
- Schnucks' Biggest Fans: St. Louis Couple Gets Married At Des Peres Supermarket
- Schnucks Lawsuit: Could Company Owe Millions of Dollars To Affected Customers?

As we reported back in April, Schnucks announced that a "cyber attack" between December of 2012 and March 29 of this year impacted a majority of the chain's 100 supermarkets and that shoppers during that timeframe who used credit or debit cards should monitor their accounts or consider getting new cards.

The company is now facing multiple class-action lawsuits from attorneys making a range of allegations of wrongdoing on behalf of the company.

Thumbnail image for schnucks 2.jpg
via

But from the perspective of the Attorney General's office, Schnucks did not do anything illegal -- a statement which will likely be useful to the company as it continues to argue in court that it should not be held responsible.

Gonder explains to Daily RFT that the attorney general's investigation was conducted over several months:

Investigators from the Attorney General's Office kept in contact with officials from Schnuck Markets for several months as information was gathered. As required by their agreements with credit card companies, Schnucks commissioned an independent forensic investigation firm to thoroughly examine their network, identify the source and cause of the breach, and submit a detailed report of their findings. Our investigators, in conjunction with investigators from the Illinois Attorney General's Office, interviewed the independent analyst who examined the breach and reviewed the thorough report the analyst prepared.

One of the suits brought on behalf of an Illinois woman alleges violations of the Illinois Consumer Fraud Act as well as the Illinois Personal Information Act.

Schnucks apology.

Schnucks has argued that the suits are without merit and that it informed customers as soon as it possibly could of the breach.

Attorney Jeff Millar, leading one of the Illinois suits, tells Daily RFT that new shoppers are frequently joining the class-action suit and are frustrated with the public apologies from the company.

"Customers are not happy," he says. "They've had to change all their cards.... They want to see...some remedial measures taken by Schnucks."

Asked about the latest developments in the litigation earlier this week, a Schnucks spokeswoman deferred to the company's past comments on the breach.

Send feedback and tips to the author. Follow Sam Levin on Twitter at @SamTLevin.


My Voice Nation Help
18 comments
James Madison
James Madison

Victims of crime do not need to apologize. @Schnucks responded and worked with credit card companies to minimize the damage, plus no customer lost anything if they simply followed the instructions provided. I know, I was one of those who got a new card, and my bank made sure each charge was legit. A hassle? Sure, blame the hackers. For those that think Schnucks is somehow riskier than others, think about it. Schnucks as their guard up right now. They are working overtime to make sure it does not repeat. They are probably the safest store in town to use your credit card today.

Max Schulze
Max Schulze

It's not the crime, its the coverup. Should have been fully honest sooner because it was the RIGHT thing to do, even though it wasn't absolutely required by law. Shameful.

Jeff Willett
Jeff Willett

Schnucks was as much a victim as the people ripped off, no apology needed.

Jennifer Timpe
Jennifer Timpe

Some people are pretty emotional... Look, it could happen anywhere. Prove that Schnucks is doing a terrible encryption job compared to every other store out there and we might have something to talk about. And until Dierburgs gets in to Alton, Schnucks doesn't have much serious competition here.

Marshall Patrick
Marshall Patrick

not unless they could have prevented the hack and failed to do so because of the cost

Tony Merklin
Tony Merklin

Yes. Definitely Yes. If not, Customers (do) have Brains and Legs. They'll just go to the Competitors, Dierbergs. Schnucks, Take Note. Just because the Missouri State Attorney General lets Scnhucks Off the Hook, A Higher Standard is the Customer Loyalty. Not all the remedies come about through the Attorney's Office. Let the Total Sales and Profit Margin be the Ultimate Judge........ To the Schnucks Bothers & Family: Better think long and hard before making this Decision. It's 7 times as hard to regain Customers that you've lost to a Schnucks Security Breach......You're Not in the Position to throw these Loyal Customers Away.

KeshKat Knk
KeshKat Knk

NO! People need to get over it! FORGIVE...move forward!

Michael P Goggins
Michael P Goggins

The problem was not that it happened, the problem was that after they knew it happened they did nothing to inform their customers. Only when it became public knowledge, did they get off their hands and inform people.

Melissa Butler
Melissa Butler

No. Shit happens. This is just a risk you take when you use anything besides cold, hard cash.

Martienne Cotter
Martienne Cotter

I've heard about a lot of databases being hacked, even X-Box (Microsoft accounts), but this is the first time I've seen people call the CEO the criminal instead of the hackers. I guess the hackers were "just doing their job" while the CEO of Schnucks invited them to take what they want? I bet Bill Gates is glad he wasn't charged in the MS hacking. I mean, obviously it was all his fault, not the fault of those sweet little hackers. Jerk. I'll never buy an X-Box, Windows phone or pc again, that's for sure.

Sara Ivie-Trankler
Sara Ivie-Trankler

I still shop there in high ridge. I love their employees and service.

Craig Stevens
Craig Stevens

They didn't break any laws, they just failed at providing necessary and proper security of their (and our) stored information.

Brian Seim
Brian Seim

Does it matter what I THINK..no.

Cappy Sue
Cappy Sue

The attorney general can go blow himself for all I care. They flat out drug at making people away of it and I no longer shop there.

Michael Cook
Michael Cook

They don't technically owe me anything, but if they want me to shop at one of the umpteen dozen Schnucks near me instead of one of the umpteen dozen Dierbergs near me, they should probably try a little harder.

johnhartfield
johnhartfield

I call BS. I suspect Schnucks was negligent based on some of the original stories in the Post-Dispatch which contained spin that a) Schnucks had met *minimum* industry standards for security and b) grocers have smaller profit margin... as if protecting their customer's financial data is a good area to scrimp.

From the beginning Schnucks was less then forthcoming with information and now I'm supposed to believe the AG has validated they're on the up and up?

I got hit with a $120 fraudulent charge on one card and had to cancel another as a precautionary move. Pretty disruptive for me.

So my family done with Schnucks; we trust Dierborgs and Shop n Save.

BTW MyVoice Nation appropriately suggests I change Schnucks to "Schmucks" or "Schnooks".

Now Trending

Around The Web

From the Vault

 

Loading...