Network Security
Vulnerability Management
Privileged Access Management
Endpoint Security
Threat Hunting
Unified Endpoint Management
Email & Collaboration Security
Contents:
Costco, an American multinational organization and one of the world’s largest retailers, has alerted its clients by letter this month that their banking information may have been compromised when purchasing at one of its locations.
As per Wikipedia, Costco Wholesale Corporation is an American multinational business that operates a chain of membership-only big-box retail stores (warehouse clubs).
As of 2020, Costco was the fifth largest retailer in the world, and the world’s largest retailer of choice and prime beef, organic foods, rotisserie chicken, and wine as of 2016. In 2021, Costco was ranked #10 on the Fortune 500 rankings of the largest United States corporations by total revenue.
What Happened?
During a routine check, Costco staff detected a payment card skimming device in one of its locations, which led to the discovery of the breach.
The corporation disabled the device, alerted authorities, and is currently cooperating with law enforcement officers investigating the situation. Costco customers who were potentially affected by the attack received a notification letter stating:
We recently discovered a payment card skimming device at a Costco warehouse you recently visited.
Our member records indicate that you swiped your payment card to make a purchase at the affected terminal during the time the device may have been operating.
Impacted Costco Customers
According to the global retail giant, customers affected by the attack may have had their financial information stolen if the cybercriminals who placed the card theft device managed to access the data before the skimmer was discovered and disabled.
If unauthorized parties were able to remove information from the device before it was discovered, they may have acquired the magnetic stripe of your payment card, including your name, card number, card expiration date, and CVV.
A Costco spokesperson stated that the incident impacted less than 500 customers, and all of them were contacted via mail on November 5.
The company thinks the incident happened in August 2021 but declined to say how long the card skimmers were operational.
While the retailer did not provide an exact timeline for the issue, customers all over the world have been complaining about fraudulent charges on their credit cards or accounts on social media since at least February.
Immediately after finally renewing my Costco membership online this morning I discovered $2200 of fraudulent credit card charges made in the UK on August 31st. So now I have a Costco membership but no credit card to use to shop there for the next seven to nine business days. pic.twitter.com/oBUE9NbMsC
— Ms. Lutzmann (@MsLutzmann) September 4, 2021
Others posted that they saw the transactions after shopping at Costco, particularly at the Costco gas stations.
The affected individuals were urged by the organization to keep an eye on their bank and credit card transactions for unauthorized purchases and alert any questionable activities to the appropriate banking institutions.
If you liked this article, follow us on LinkedIn, Twitter, Facebook, Youtube, and Instagram for more cybersecurity news and topics.
As a Senior Content Writer and Video Content Creator specializing in cybersecurity, I leverage digital media to unravel and clarify complex cybersecurity concepts and emerging trends. With my extensive knowledge in the field, I create content that engages a diverse audience, from cybersecurity novices to experienced experts. My approach is to create a nexus of understanding, taking technical security topics and transforming them into accessible, relatable knowledge for anyone interested in strengthening their security posture.
