Costco says the payment information of some of its customers may have been compromised after employees discovered a card-skimming device at one of its warehouses during a routine pin pad inspection.
ROBINHOOD REPORTS DATA BREACH FOR 5M CUSTOMERS
“Our member records indicate that you swiped your payment card to make a purchase at the affected terminal during the time the device may have been operating,” a Nov. 5 notification letter, first reported by Bleeping Computer, reads. “If unauthorized parties were able to remove information from the device before it was discovered, they may have acquired the magnetic stripe of your payment card, including your name, card number, card expiration date, and CVV.”
Costco has notified and is working with local law enforcement to investigate the incident. The retailer is recommending potentially impacted customers to check their most recent card statement for unauthorized charges and notify their bank of any suspicious activity.
In addition, Costco is offering the option to enroll in free identity theft protection services from IDX, which include 12 months of credit and CybersScan monitoring and a $1 million insurance reimbursement policy. The offer to sign up will expire on Feb. 5.
CLICK HERE TO READ MORE FROM FOX BUSINESS
A representative for Costco did not immediately return FOX Business’ request for comment on how many customers may have been impacted or the location of the warehouse where the card skimmer was found.
“Costco vigorously guards its members’ personal and financial information, and remains committed to protecting it against unauthorized disclosure,” the letter concludes. “We regret that we have been involved in this incident, and sincerely hope it does not lessen your confidence in us.”
Costco’s warning comes as customers on Reddit and Twitter have reported a series of unauthorized charges within the last month.
“Has anyone recently had any fraudulent charges on their card? I only use my card in store, getting gas, or at Costco.com & I had fraudulent charges yesterday,” one Reddit user wrote. “Hopefully it’s something like a skimmer at the gas pump instead of a data breach.”
“Noticed a fraudulent charge on my credit card, so I called to get it handled. Guy on the phone asked if I pay at the pump usually for gas and I said yes,” another Reddit user said. “Apparently, skimmers for information are common on pay at pump systems and car washes. That was the only place he saw in my history that was likely to have stolen my information. He recommended paying inside, but Costco doesn’t even have that option. Just a reminder to always check your credit card statements and watch for fraudulent charges!”
“Immediately after finally renewing my Costco membership online this morning I discovered $2200 of fraudulent credit card charges made in the UK on August 31st,” a Twitter user posted. “So now I have a Costco membership but no credit card to use to shop there for the next seven to nine business days.”
Costco currently operates 820 warehouses worldwide, including 568 locations in the United States.