Costco sent letters to customers warning that their card information may have been stolen after a skimming device was discovered at one of its warehouses during a recent routine check by employees. The letters were mailed after several customers began complaining about seeing fraudulent charges on their bank statements on social media. Costco, the fifth-largest retailer in the world, did not say how many customers may have been affected by the scam.
After employees found the device, they removed it and notified law enforcement agents, reports Bleeping Computer. “We recently discovered a payment card skimming device at a Costco warehouse you recently visited,” the letter to customers read. “Our member records indicate that you swiped your payment card to make a purchase at the affected terminal during the time the device may have been operating.”
Videos by PopCulture.com
The skimming device may have been able to acquire “the magnetic stripe of your payment card, including your name, card number, card expiration date, and CVV,” Costco’s letter noted. The company advised customers to keep track of charges on their bank and credit card statements to make sure there were no fraudulent charges. If there are, customers should report them to their financial institutions. Costco offered customers IDX identity theft protection.
The letter, dated Nov. 5, did not note when or where the skimming device was found. However, customers have been complaining about fraudulent charges linked to Costco store since at least February. “Don’t use your cards at Costco in Inglewood! My mom got her account hacked, and some fraudulent charges and my mom is old school she only uses cash/checks lol this was the first time she ever used her card,” one person tweeted on Feb. 4. Another customer complained on Reddit last month that there were fraudulent charges on their Costco Visa card.
Unlike data hacks that could affect millions of customers, a physical data thefts like this case are usually isolated and only affect customers who used the breached devices, CRITICALSTART CTO Randy Watkins explained to ZDNet. “The data that the attacker can obtain from the magnetic strip on a card actually depends on the card itself,” Watkins said. “While things like the credit card number, full name, expiration, and country code is universal, other cards can contain additional information like billing address or rewards account numbers. Consumers should make a habit of checking card slots for any foreign devices (internal or external) before swiping their card.”
Related Posts
-
'One Chicago' key art. Credit: NBCUniversal -
BEVERLY HILLS, CALIFORNIA – MARCH 12: 2023 Halle Berry arrives at the Vanity Fair Oscar Party Hosted By Radhika Jones at Wallis Annenberg Center for the Performing Arts on March 12, 2023 in Beverly Hills, California. (Photo by Steve Granitz/FilmMagic)
