Supermarket chain Giant Food warned customers on Tuesday of a possible credit data breach following the discovery of an illegal card-reading device in one of its stores in D.C.
In a letter sent to customers, the grocery chain noted that the illegal device was found on March 5 at a self-checkout terminal at its Columbia Heights store, at 1345 Park Road, Northwest. Immediately after the discovery, Giant Food claimed it had taken different security measures, including reviewing video surveillance, contacting law enforcement, and reaching out to a third-party forensic investigator.
As the letter noted, the device had been installed on a pin pad and forensic investigation suggests that “it was capable of capturing data from payment card EMV chips but not from magnetic stripes.”
Among the details found on the device included the names of cardholders, their payment account numbers, as well as the expiration dates of some customers who used the impacted self-checkout terminal for a limited time period before March 5.
“The device was designed such that extraction of the captured payment card transaction data would require manual insertion of a reader device into the card capture device, but the data could not be accessed remotely. We have been unable to determine if any data was extracted from the device, but it is possible that data was extracted before the skimmer was discovered by Giant Food,” the company explained.
To date, Giant Food says its investigation suggests no evidence yet that any of the information collected has been misused as a result of the incident. The supermarket chain, however, encouraged customers to remain vigilant by monitoring account statements and credit reports.
“Please know we take our obligation to safeguard personal information very seriously and are alerting you about this issue so you can take steps to help protect yourself,” the company added.