Sprouts Farmers Market reports security breach at AZ, CA stores

[Erica Absetz <eabsetz () opensecurityfoundation org>]

http://www.kpho.com/story/21311165/sprouts-farmers-market-reports-security-breach-at-az-ca-stores

PHOENIX (CBS5) -

Sprouts Farmers Market says it's been the victim of a security breach
at more than dozen of their chains and customers in Arizona and
California could be at risk.

"The hackers used a very sophisticated mal ware to mimic our point of
sale software," says Sprouts' spokeswoman Barbara McFadden.

Sprouts said it discovered that illegal software was able to pull
credit card numbers at 19 of its 151 stores over a 5-day period
between Jan. 25 and 29. The company was alerted to the problem by one
of the local store managers who saw that the credit card terminals
were going blank.

"Its a serious matter and I think the merchants should do more to
ensure that the information is not compromised," says shopper Warren
Manuel.

Thirteen of the locations are in Arizona and six are in Southern
California. Twelve of those stores are located in the Valley. The
other is in a Tucson suburb.

Sprouts officials said after their investigation, they are still
unable to confirm whether any accounts were compromised.

Sprouts is encouraging customers who used a payment card at any of
these 19 locations between Jan. 25 and 29, review their account
statements and contact their credit card company or bank if they
suspect fraudulent activity.

Sprout stores impacted in Arizona:

Avondale (1813 N. Dysart Rd. 85392)
Chandler (1959 W. Ray Rd. 85224)
Chandler (2855 S. Alma School Rd. 85248)
Gilbert (2582 S. Val Vista Dr. 85296)
Glendale (5130 W. Peoria Ave. 85302)
Glendale (5665 W. Bell Rd. 85308)
Mesa (1933 E. Brown Rd. 85203)
Mesa (5225 E. Southern Ave. 85206)
Oro Valley (7665 N. Oracle Way 85704)
Peoria (8375 W. Thunderbird Rd. 85381)
Phoenix (8040 N. 19th Ave. 85021
Phoenix (2824 E. Indian School Rd. 85016)
Surprise (13759 W. Bell Rd. 85374)

Affected California stores:

Claremont (835 W. Foothill Blvd. 91711)
El Cajon (152 North 2nd St. 92021)
Irvine (3775 Alton Parkway 92606)
San Marcos (149 South Las Posas Rd. 92078)
Thousand Oaks (600 West Hillcrest Dr. 91360)
Torrance (4230 Pacific Coast Highway 90505)

Sprouts said they have replaced all of the card terminals in question.

If you believe you could be a victim in the breach, you can contact
Sprouts onSprouts.com/securityalertfags.

Earlier this month, Arizona-based supermarket, Bashas reported being
victimized by a cyber attack on the stores' online systems, which
provided criminals with access to customer payment information.

[Related: FBI investigating cyber attack on Bashas' customers]

Stay with cbs5az.com for updates on this developing story.

Copyright 2013 CBS 5 (KPHO Broadcasting Corporation). All rights reserved.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security equips organizations with security intelligence, risk
management services and on-demand security solutions to establish
customized risk-based programs to address information security and
compliance challenges.