FRAUD TREND ALERTS
March 15, 2018 – Applebees®
Summary: US Network Intrusion/Security Breach
FIS Fraud Management received a proactive alert notification of a U.S. network intrusion affecting an unspecified number of credit/debit/prepaid cards across the industry.
The initial exposure window has been identified as: Dec 6, 2017 to Jan 2, 2018. Potentially exposed fields may include Track 1 and Track 2 data (name, card PAN number, expiration date, CVV).
The entity affected, Applebees®, has publicly acknowledged this breach.
View their press release: https://www.rmhfranchise.com/dataincident/
October 4, 2017 – Whole Foods Market Breach
Summary: Whole Foods Market Payment Card Investigation Notification
(The Amazon.com systems do not connect to the affected systems at Whole Foods Market. Transactions on Amazon.com have not been impacted).
FIS Fraud Management has been notified regarding a U.S. network intrusion affecting an unspecified number of Visa credit/debit cards across the industry. There are no Mastercard Alerts identified with this event at this time.
This alert has been categorized as CRITICAL; however, keep in mind the investigation is still in the discovery stages and additional information may be forthcoming.
The estimated exposure window for debit or credit cards used for payment processing is March 10, 2017 through September 28, 2017.
Whole Foods Market has acknowledged the event. The affected venues include taprooms and full table-service restaurants located within some stores which use a different point of sale system than the company’s primary store checkout systems. However, while some locations do not have taprooms and restaurants, Whole Foods Market encourages its customers to closely monitor their payment card statements and report any unauthorized charges to the issuing bank.
For a statement from Whole Foods regarding the event as well as to check the venues related to the breach in various US States, please access the link below
Again, Amazon.com has not been impacted.
Sept. 26, 2017 – Sonic Drive-In
Breach at Sonic Drive-In May Have Impacted Millions of Credit, Debit Cards
In a posting, Krebs on Security said Sonic Drive-In, a fast-food chain with nearly 3,600 locations across 45 U.S. states, has acknowledged a breach affecting an unknown number of store payment systems. The ongoing breach may have led to a fire sale on millions of stolen credit and debit card accounts that are now being peddled in shadowy underground cybercrime stores.
June 8, 2017 – Sabre Corp. Breach
Summary: Security breach of Hospitality Industry payment card environment
Sabre Corporation, a major technology solution provider serving airline and hotel companies, has disclosed a breach of its Hospitality Solutions SynXis Central Reservations system that may have exposed consumers’ payment card data and personally identifiable information . . . also acknowledged that its SynXis software-as-a-service platform was accessed by an unauthorized party, who gained access to payment information corresponding to a subset of hotel reservations. Sabre did not specify when or how the actual intrusion took place or how many records are potentially affected.
A public disclosure can be found at https://www.sabre.com/insights/releases/sabre-statement/
The estimated exposure window for debit or credit cards used for payment processing is August 10, 2016 through March 9, 2017. The forensic investigation has not yet been completed; however, Sabre states “The unauthorized access has been shut off and there is no evidence of continued unauthorized activity. There is no reason to believe that any other Sabre systems beyond SynXis Central Reservations have been affected.”
This latest incident represents yet another attack against the hospitality industry, which has been besieged with data breaches and point-of-sale malware infections. Recent victims include Hyatt Hotels Corp, InterContinental Hotels Group, Kimpton Hotels and Restaurants, Omni Hotels & Resorts and Rosen Hotels & Resorts.
May 31, 2017 – Kmart Data Breach
Summary: Security breach of Kmart’s payment card environment and unauthorized payment activity.
On June 1, 2017 Gareth Glynne, Senior VP of Retail Operations for Sears and Kmart, announced that the company was investigating the second data breach impacting Kmart in three years.
Up-to-date information can be found at http://www.kmart.com/en_us/dap/statement05312017.html or by calling the company care center at 888-488-5978.
The initial exposure window for debit or credit cards used for payment processing at Kmart locations is September 6, 2016 through April 30, 2017, and may be at risk for further fraud. The company immediately launched an investigation following reports of unauthorized payment card activity at some of their locations. The company operates 735 locations nationwide, but no formal announcement of the impacted locations has been made.
The investigation found the breach to be limited to infected store payment systems at Kmart; it did not impact Sears or the company’s eCommerce sites.
April 25, 2017 – Chipotle Mexican Grill
Summary: Unauthorized payment activity and a data breach have been confirmed at Chipotle Mexican Grill.
On Tuesday, April 25, 2017 Chipotle Mexican Grill updated information posted to its website https://www.chipotle.com/security, announcing that the restaurant detected unauthorized activity on its payment processing network. This unauthorized activity has been addressed through the collaborative efforts of Chipotle, law enforcement, cyber security firms, and the restaurant’s payments processor.
Debit or credit cards used for payment processing at Chipotle locations from March 24 to April 18, 2017, were exposed and may be at risk for further fraud. However, the investigation continues, and specific details regarding timeframes or restaurant locations that may have been affected by this data breach are not currently available.
February, 2017 – Arby’s Fast Food Chain Data Breach
The possible data breach, first reported Thursday, February 9th by security expert Brian Krebs at his KrebsOnSecurity website, occurred in a window between Oct. 25 and Jan. 19, according to a notice from Payment Systems for Credit Unions, a service organization for the industry.
Krebs said Arby’s was notified of the possible breach in mid-January but did not go public at the request of the Federal Bureau of Investigation.
Arby’s Restaurant Group, Inc. (ARG) was recently provided with information that prompted it to launch an investigation of its payment card systems. ARG immediately notified law enforcement and enlisted the expertise of leading security experts, including Mandiant. While the investigation is ongoing, ARG quickly took measures to contain this incident and eradicate the malware from systems at restaurants that were impacted.
ARG reminds guests that it is always advisable to closely monitor their payment card account statements for any unauthorized activity. If guests discover any unauthorized charges, they should report them immediately to the bank that issued their card.
August 26, 2016 – Eddie Bauer LLC Network Breach
Eddie Bauer – Suspected Network Breach – Proactive Security Announcement
Networks and our Fraud Management have received a Visa proactive alert notification of a U.S. network intrusion affecting an unspecified number of credit/debit cards across the industry. The affected entity in this breach is Eddie Bauer, LLC and they have acknowledged the event. The exposure period has been identified as February 10, 2016 through July 15, 2016.
Eddie Bauer’s press release can be viewed on the following link: http://cardnotification.kroll.com/
Keep in mind that the investigation is still in the discovery stage but is categorized as a Critical Risk by Visa. We encourage you to be mindful of potential counterfeit card and eCommerce fraud activity for debit or credit cards.
March, 2016 – Wendy’s Fast Food Chain Fraud Trend
According to media reports and a recent post by Brian Krebs (Krebs on Security), the nationwide fast food chain Wendy’s is currently investigating a pattern of unusually high levels of debit/credit card fraud activity at some stores. Krebs states that “in a preliminary 2015 annual report, Wendy’s confirmed that malware designed to steal card data was found on some systems. The company says it doesn’t yet know the extent of the breach or how many customers may have been impacted.”
Reports indicate fraudulent charges may have occurred elsewhere after payment cards were legitimately used at some restaurants.
The Exposure window: October 26, 2015 – March 10, 2016
Please follow the link below for current information provided by Wendy’s:
May 28, 2015
Sally Beauty Trend
On May 28, 2015, Sally Beauty publicly acknowledged a data breach had occurred due to malware that was placed on its point-of-sale (POS) registers at varying times from March 6 to April 17, 2015. Customer credit or debit card information used for purchases at Sally Beauty stores during this period may be at risk. However, the company does not believe PIN data is at risk, as this information is not collected or stored by the POS system.
According to Sally Beauty, the data breach may have exposed cardholder data including card numbers, cardholder names, verification codes, and/or expiration dates. Additional details about the data compromise are available at the following link:
Sally Beauty has purged the malware from its system, and is offering cardholders free identity protection services for up to 12 months. The company continues to work with federal law enforcement authorities, its banking partners, and security experts in order to make sure its customers are protected.
April 10, 2015
A Credit Union Protection Risk Alert – Skimmer
The Card Alert Service has identified and performed analysis on a suspected point of compromise (POC) location:
7-Eleven at 1 So. Pennsylvania Ave Morrisville, PA 19067
(behind La Villa Family Restaurant).
December 7, 2014
Chick-Fil-A Fraud Trend
According to media reports, several financial institutions have identified a pattern of credit and debit card fraud that suggests some Chick-Fil-A locations across the U.S. may have been impacted.
Chick-Fil-A says they are investigating “potential unusual activity” and have contacted law enforcement. The exposure period is believed to cover Dec. 2, 2013 through Sept. 30, 2014.
Chick-fil-A has released a notification to customers on its company website:
This potential data compromise is still developing; however, based on information currently available we encourage you to be mindful of potential counterfeit card and eCommerce fraud activity for debit or credit cards.
Chick-Fil-A customers are being urged to closely monitor their accounts and reach out to their card issuer should they notice any unusual activity. As with all compromises, customers should also be on the lookout for phishing that may occur as fraudsters attempt to trick you into providing missing information in order to perpetrate fraud.
Fairless CU’s website will be updated as new information becomes available.
October 10, 2014
K-Mart Debit/Credit Card Compromise
On Friday, October 10, 2014, K-Mart publicly acknowledged that point-of-sale registers at its K-Mart stores had been compromised by malware that stole customer credit and debit card information from early September through October 9, 2014.
The data breach may have exposed cardholder data including card numbers, cardholder names, verification codes, and/or expiration dates. Information entered online, such as customer address, email and password remains secure. K-Mart has provided additional details about the data compromise on its company website:
Further investigations are currently underway as K-Mart works with Federal law enforcement authorities, its banking partners and security experts in order to identify the nature and scope of the incident.
This latest data compromise is still developing; however, based on information currently available we encourage you to be mindful of potential counterfeit card, and eCommerce-type fraud activity for debit or credit cards used at K-Mart locations from September through October 9, 2014.
October 10, 2014
Dairy Queen Malware Intrusion
On August 28, 2014, Dairy Queen confirmed that the company had received information from the U.S. Secret Service about “suspicious activity” related to a strain of malware found in other retail intrusions.
On Wednesday, October 9, 2014, Dairy Queen publicly acknowledged they recently learned of a possible malware intrusion that may have affected some payment cards at a small number of its DQ® locations and one Orange Julius® location in the U.S. from August 1st to October 6, 2014.
The Dairy Queen press release states, “As a result of our investigation, we discovered evidence that the systems of some DQ locations and one Orange Julius location were infected with the widely-reported Backoff malware that is targeting retailers across the country.
The investigation revealed that a third-party vendor’s compromised account credentials were used to access systems at those locations. Details of the press release along with locations and exposure time can be found at Dairy Queen’s website:
September 29, 2014
Wings to Go & Uncle Charlies Pizza Debit system compromised between June 25th and August 2nd, 2014
Click on article below for more information
September 19, 2014
Goodwill Industries – September 19, 2014 Update
Goodwill Industries confirmed that it was contacted Friday, July 18, 2014 after an investigation was initiated with the U.S. Secret Service regarding a potential security compromise involving credit and debit card data reportedly stolen from some of its US stores. Goodwill has confirmed that a third party vendor’s systems were attacked by malware, and has posted updated details on its company web site:
Additional alerts may be published as research continues.
Based on information available, there is a potential for an increase in eCommerce and counterfeit card related fraud.
September 18, 2014
Home Depot Press Release
On September 18, 2014, Home Depot released additional details regarding the recent breach. The complete release is available for viewing on the Home Depot website:
Some of the additional details included:
• The malware used in the breach had not been seen previously in other attacks.
• Home Depot estimates the information of approximately 56 million unique payment cards was placed at risk.
September 9, 2014
Home Depot Confirmed Security Breach – September 9, 2014
Home Depot has confirmed a breach in their payment data systems. You can view the news story at the following link:
ACME Markets, Supervalu and UPS Stores Confirmed Security Breach in Debit Card System.
- Our Card Services Risk Office and Visa Fraud Control and Investigations have both notified Fairless Credit Union of potential fraud activity tied to data compromise alerts for AB Acquisition LLC and Supervalu, which operate the Albertsons stores, under which a number of grocery store brands, including ACME Markets and Jewel-Osco, have exposed credit/debit card information. The exposure window is June 22 to July 17, 2014. Below is a list of the ACME stores that are affected:
- Supervalu has also provided additional information, available at:
- The UPS Store, Inc. has also recently reported a possible data compromise of confidential card data involving credit/debit cards used at 51 locations in 24 states from January 20, 2014 – August 11, 2014. Additional details about this possible data compromise are available on The UPS Store’s website.
Please review your account carefully for the next several months and contact Spirit Financial Credit Union immediately if you determine that there are any unauthorized transactions. If you have any questions or concerns, you may contact a Spirit Financial CU Member Service Representative at 267-580-0230 for further assistance.