As the latest company to get hit with a data breach, Safeway is investigating a series of skimming attacks on several of its stores in California and Colorado, according to reports.
After banking sources confirmed that a number of consumers had their debit cards drained of cash at ATMs after shopping at Safeway, it was discovered that cyberattacks had breached credit card terminals at checkout lanes at several of the grocer's stores.
Safeway spokesperson Brian Dowling told security blog "Krebs on Security" that the breach affected a small number of stores, and that the grocer is taking steps to solve the issue.
“We have an excellent track record in this area,” Dowling told the blog. “In fact, we inspect our store’s pin pads regularly and from time to time find a skimmer, but findings have been limited and small in scale. We immediately contact law enforcement and take steps to minimize customer impact."
Safeway did not name the affected locations, though bank sources say the fraud was traced back to Arvada, Conifer, Denver, Englewood and Lakewood, Colo., and Castro Valley and Menlo Park, Calif., according to Krebs.
"As long as this incident is contained to the current impact, it’s unlikely to have a significant impact on the industry or Safeway specifically," Tim Erlin, director of IT security and risk strategy at Portland, Ore.-based software company Tripwire, told Progressive Grocer. However, Erlin continued, "if the scope of the breach grows or some other new information is made public, that may change."
Following devastating security threats against a number of high-profile retailers, most notably Target, data security has become an increasingly top-of-mind issue. In addition to large-scale investigations and implementing the latest technology, Erlin recommends that companies also make strides on the employee level. "Retail stores that have lanes with staff in them should train those personnel to inspect payment devices and report any suspicious machines for a more complete inspection," he said.