Most people who surf the Internet use some form of anti-virus program or service to protect their computers from cyber attackers.
Still, there is no way to completely eliminate the risk inherent in an Internet connection. Even the largest, most sophisticated companies succumb to attack. Even our nation’s intelligence agencies fall victim to spies and saboteurs.
If the invader is crafty enough, it may be weeks or months before the breach is detected, if ever at all.
Recently, Schnuck Markets was a victim of cyber criminals, who managed to access credit and debit card numbers and expiration dates from Schnucks shoppers. From March 15, when the chain first learned that something might be amiss, it took two weeks to identify the problem and correct it.
In addition to losing sales after notifying the public of the problem, Schnucks faces a $5 million lawsuit filed April 25 in St. Clair County Circuit Court by Laverne Rippy of Granite City on behalf of a proposed class of shoppers who claim to have been grievously inconvenienced by having to cancel their possibly compromised cards.
They charge that Schnucks did not notify them of the problem in a timely manner.
“Schnucks did not know on March 15 that it had been the victim of a cyberattack,” the chain’s April 15 press release explained. “Rather, Schnucks was informed by credit card companies on Friday, March 15, that banks had detected fraud on 12 different credit cards that had been used at Schnucks. We immediately began an investigation, and engaged forensic investigators from Mandiant, the leading payment card industry forensic investigation firm. When Mandiant found the first indication of a cyberattack on March 28, Schnucks’ IT department worked with Mandiant for the next 36 hours to contain the incident and block any further access to payment card data.”
Schnucks did the best it could, as fast as it could, but what does that matter to a pack of opportunistic fortune hunters?