DENVER — Three Safeway grocery stores in Colorado fell victim to a credit card skimming attack last month, the company said Wednesday.
Skimmers were found on three point-of-sale machines in the self-checkout areas at Safeway stores at 9160 W. Colfax Ave. in Lakewood; 3800 W. 44th Ave. in Denver, and 27152 Main St. in Conifer, the Denver Post reports, according to a Safeway spokesperson.
Skimmers are devices designed to look like a part of credit card reader machinery, used by identity thieves to collect credit card data, including the card number and PINs. The stolen information can then be copied onto a blank card’s magnetic strip.
The skimming devices were found at the Safeway stores in early November and no others have been discovered since then, Staaf told the Denver Post.
It was not clear how many customers were affected by the breach. The threat was first reported by the online cyber security blog “Krebs on Security” Wednesday, and later confirmed by Safeway representatives.
On the blog, Safeway spokesman Brian Dowling was quoted as saying the company was investigating breaches at a handful of stores.
Citing unspecified bank sources, Krebs reported that some consumers’ debit accounts were mysteriously drained at ATMs. The common denominator between all the incidents was a trip to Safeway, reportedly, and a follow-up investigation showed that all of the affected customers had purchased goods from one of several specific lanes in different compromised stores.
Safeway customers who are concerned about possible fraud should review their bank statements for fraudulent activity in November or contact their cardholder or bank directly.
“The mass-issuance of chip-based credit and debit cards by U.S. banks to consumers should eventually help minimize these types of scams, but probably not for some time yet,” Krebs writes on his blog. “Most cards will continue to have all of the cardholder data stored in plain text on the magnetic strip of these chip-based cards for several years to come.”