Costco Discovers Data Breach

Jamie Grill-Goodman
Editor in Chief
Jamie Grill-Goodman profile picture
a building that has a sign on the side of a road

Costco Wholesale Corporation is investigating the outcome of a payment card skimming device found in its operations.

The club retailer notified customers in letters sent this month that their payment card information might have been stolen while recently shopping at one of its stores, Bleeping Computer reports.

The letter it obtained notifies customers that Costco discovered the breach after finding a payment card skimming device in one of its warehouse stores during routine pin pad inspections conducted by Costco personnel. It also notifies customers that their name, as well as card number, expiration date and CVV information may have been obtained.

The retailer has since removed the device and is working with law enforcement agents who are investigating the incident. It advised the customers to monitor their bank and credit card statements for fraudulent charges and offered the option to enroll in free identity theft protection services from IDX, which include 12 months of credit monitoring, a $1 million insurance reimbursement policy and ID theft recovery services.

"The recent Costco card skimming breach underscores the urgency for better payment security anywhere a transaction happens,” Armen Najarian, chief identity officer at Outseer (an RSA company), tells RIS. “As we head into the holiday season, hackers and other bad actors will target retailers made vulnerable by short staffing and high transaction volumes.” 

“All of this, unfortunately, will be amplified this year as pandemic-induced labor shortages reach unprecedented levels. If retailers want to keep their customers safe and happy this holiday season, they need to prioritize payment authentication software for in-store and online transactions alike."

[See more: Workforce Management for Retail Victory]

The total number of impacted customers or the warehouse location where the skimmer device was found is still unknown, according to Bleeping Computer.