Schnucks Apologizes for Hackers, Suggests Customers Get New Credit Cards (VIDEO)


Scott Schnuck apologizes. - VIA YOUTUBE
  • via YouTube
  • Scott Schnuck apologizes.

If you shopped at Schnucks between December and March and are still using the same credit card, you may want to get a new one. Or at the very least, watch your statements and notify your bank of suspicious charges.

So says Scott Schnuck, in yet another video apology for the massive security breach that exposed roughly 2.4 million credit and debit cards at a majority of their stores in the St. Louis metro region and beyond. This latest apology released on Friday comes in the wake of new lawsuits alleging that the local supermarket chain was negligent in their handling of this cyber attack -- and waited too long to alert customers.

And while Schnucks says it blocked access at the end of March and increased security on its payment system, cards used before that date, the company warns, are still vulnerable.

See also: - After Massive Credit Card Security Breach, Schnucks Faces Class-Action Lawsuit - Cops: Boy, 5, Wandering Schnucks Alone at Night, Doesn't Know His Last Name - Massive Credit Card Security Breach May Have Impacted 2.4 Million People

Here's the latest Schnucks announcement, which was published and promoted on the company's Facebook page less than a week after it ran a full-page apology ad in the Post-Dispatch.

"I sincerely apologize for the inconvenience caused by the cyber attack on our card-payment system," Schnuck, chairman and CEO, says in the video.

He explains that since the issue was contained on March 30, "You can use your new cards with confidence in our stores."

New cards, that is.

"Cards used before March 30 are still subject to fraud unless canceled and a new number issued," he says. "If you've not taken that step, please watch your statements, and notify your bank of suspicious charges."

He adds, "I promise that Schnucks will be relentless in working to maintain a secure payment-processing system."

As we've reported, the breach reportedly impacted 79 of its 100 stores, putting millions of customers' card numbers at risk -- though not their names or addresses, the company says.

Continue for more details on the security breach and the full text of Schnucks' print apology.

Here's the full text of Schnucks' print apology the previous week, followed by more details on the breach.

For more than seven decades you have always been able to depend on Schnucks to provide a unique combination of quality food, variety, value and service - both in our stores as well as in our communities.

We realize that with the recent credit card issue we fell short of expectations. On behalf of my family and company, I sincerely apologize to you, our customers and teammates, for how this incident affected you, your friends and family.

I also want you to know what we are doing to ensure it never happens again.

This event was unlike anything we have ever experienced. A cyber-attack is not like a bank robbery where you know immediately when it occurred and who was affected. The investigation requires painstaking analysis of digital evidence that takes time.

-When we first learned there might be an issue, we notified law enforcement and hired Mandiant, one of the nation's top forensic firms. Investigators worked non-stop to find the cause and block it from continuing.

-Our March 30 announcement that we shut down the attack came just 36 hours after we located the problem. Prior to that time, we had not found any evidence of an issue on our network.

-We moved quickly to share what we knew, when we knew it, through a variety of media. Our Consumer Affairs team and store management continue to work directly with customers.

-Because we have no ability to match card numbers with cardholder names, we could not contact you directly, so we shared important facts through media statements, postings on our website and signs and flyers in our stores.

-We have always sought to maintain a secure processing environment, including using encryption technology. We also participate in annual third-party audits of our security measures, the last of which was in November 2012.

-We have implemented new security measures and will continue to invest in security so that you can use your cards with confidence in our stores.

We worked with our payment processor and the credit card companies to provide at-risk card numbers to banks so those banks could block fraud and issue new numbers. However, the best way to avoid fraudulent charges as a result of this incident is to obtain a new card number. If you have not taken this step, please watch your statements carefully and notify your card provider of suspicious charges.

I give you my personal pledge that we will be relentless in working to maintain a secure payment processing system.

I thank those who helped to get us to this point including Mandiant, the Secret Service and FBI, our credit card and banking partners and Schnucks teammates across the company. Most importantly, I thank all of you, our valued customers, for your continued support.

Finally, I assure you that -- guided by the same principles, values and commitment to customers that have served us for nearly 75 years -- Schnucks is the same family company today that we were before this incident and, in the months to come, we will work hard to continue to demonstrate that.


Scott C. Schnuck Chairman and CEO


Original press release announcing details of the investigation.

SCHNUCKS RELEASES DETAILS OF CARD ISSUE AS INVESTIGATION NEARS END ST. LOUIS - Leaders of St. Louis-based Schnuck Markets, Inc., today announced that between December 2012 and March 29, 2013, approximately 2.4 million credit and debit cards used at 79 of its 100 stores may have been compromised. The company emphasizes that only the card number and expiration date would have been accessed - not the cardholder's name, address or any other identifying information.

Schnucks has posted a list of the 79 stores and specific dates for each store at In addition, Schnucks has distributed a timeline of the actions taken to investigate, find, contain, and share information about the cyber-attack, as well as a personal video message from Chairman and CEO Scott Schnuck.

"On behalf of myself, the Schnuck family, and all of our 15,000 teammates, I apologize to everyone affected by this incident," said Scott Schnuck. "Over the years, technology has helped us deliver superior customer service, but it also introduces risks that we have actively worked to manage through compliance audits, encryption technology and various other security measures."

"We've worked hard to provide a secure transaction environment for our customers and, today I make a personal pledge to you that we will be relentless in maintaining the security of our payment processing system. We expect that the actions we have taken and will take in the future will send a clear signal that our customers may continue to trust us," said Schnuck.

Schnucks has worked with its payment processor to make sure all potentially affected card numbers are sent to the credit card companies so that they may continue sending alerts to the issuing banks. Those banks will then be able to take steps to protect their cardholders, such as adding enhanced transaction monitoring or reissuing a new card. Many banks have already taken these steps.

"Customers have asked me if it is safe to shop at Schnucks," continued Schnuck. "Yes, we believe it is, and we will work hard to keep it that way."

Schnucks has created a dedicated call center for customers if they have additional questions about what happened and steps they can take to protect themselves. Please call 1-888-414-8022, Monday - Friday, 9 a.m. - 5 p.m. and through the weekend Saturday and Sunday, April 20-21, from 9 a.m. - 4 p.m.

Schnucks provided the Secret Service and FBI with information about the methods and tools used by the attacker and has worked and will continue to partner with law enforcement to apprehend those responsible.

Send feedback and tips to the author. Follow Sam Levin on Twitter at @SamTLevin.

Support Local Journalism.
Join the Riverfront Times Press Club

Local journalism is information. Information is power. And we believe everyone deserves access to accurate independent coverage of their community and state. Our readers helped us continue this coverage in 2020, and we are so grateful for the support.

Help us keep this coverage going in 2021. Whether it's a one-time acknowledgement of this article or an ongoing membership pledge, your support goes to local-based reporting from our small but mighty team.

Join the Riverfront Times Club for as little as $5 a month.