It took nearly three weeks for Lucky supermarkets to notify customers that credit cards may have been “skimmed” at 23 of their Northern California stores.
By that time, the unauthorized “sniffer” devices had victimized customers across California, bilking customers of thousands of dollars.
Weeks after they learned of the scam, Lucky released a sloppily-worded statement that urges anybody who used a Lucky self-checkout terminal in October or November to close their bank account and open a new one.
Meanwhile, Petaluma police alone have received more than 110 complaints of fraud, including one person who had six withdrawals totaling about $3,000 stolen from their debit card account.
Lucky Chief Financial Officer Stephen Ackerman told the Santa Rosa Press-Democrat that a physical device – a computer board with memory chips that can read data from debit cards — was transmitting customer financial data via Bluetooth, a short-range wireless protocol.
Ackerman said thieves could access personal data sitting in a store’s parking lot.
Even though Lucky said the last device was removed on November 22, customers continue to report unauthorized withdrawals to their local police.