Schnuck Markets Inc. Data Breach (2013)

A lawsuit was filed against Schnucks Markets Inc. after customers learned that Schnucks failed to warn customers about a data breach within two weeks. On March 15, Schnucks learned that a portion of their loyalty cards were affected, but waited until March 30 to send a press release. Customer payment card numbers and expiration dates were exposed through a magnetic strip swiping security breach. No customer names were exposed.UPDATE (04/15/2013): The breach affected about 2.4 million customer debit and credit cards at 79 Schnucks locations. Payment cardholders' contact and identifying information were not exposed. Customers who visited a Schnucks between December of 2012 and March 29, 2013 may have been affected.UPDATE (05/24/2013): A class action lawsuit was filed against Schnuck Markets in early May. Schnuck Markets claims that the the lawsuit belongs in federal court because of the case's scope and damages. The lawsuit sought damages from Schnucks for time and effort that affected individuals had to put into monitoring and managing compromised credit card information. The lawsuit also alleges Schnucks of willful and wanton neglect, a charge for which punitive damages are available under Illinois law. However Schnucks states that the "time and effort" claims for Illinois alone easily exceed the $5 million threshold for federal consideration.UPDATE (06/21/2013): A new estimate from Schnucks states that 500,000 unique credit or debit cards may have been involved.UPDATE (07/11/2013): After a review, the Missouri Attorney General's office has stated that Schnuck Markets did not violate state data security law.