A US retailer, Stop & Shop Supermarket Companies is warning customers at three of its Rhode Island stores and one of its Massachusetts stores of a potential compromise of their payment card data.
The warning comes after the company discovered that chip and PIN pads used by customers to swipe credit and debit cards to pay for purchases had been tampered with at those locations. As a result of the tampering, account and PIN numbers associated with some credit and debit cards were stolen earlier this month, the company said in a statement.
Since the discovery, Stop & Shop said it has taken measures to reduce the risk of something similar happening again. All Electronic Funds Transfer (EFT) devices ,as the terminals are officially known, have been physically secured "to prevent further tampering" the company said. It did not offer any details about what steps it has taken.
Stop & Shop did not provide details on how exactly the EFT devices were tampered with. Typically attacks against EFT and ATM involve "skimming" techniques aimed at stealing card data and PIN numbers when a card is swiped through a reader. Illegal card-readers either attached to or placed over a genuine reader, intercept and record magnetic card data. The data is then used to create counterfeit cards.
According to Stop & Shop, there is no evidence to date that the stolen data has been misused. The company noted that an internal investigation found no signs that an insider was responsible for the tampering.