Russell Stover Chocolates hit by data breach - what customers need to know

Customers with a sweet tooth may need to check their bank accounts.

Candymaker Russell Stover Chocolates announced Friday that a recent data security breach at its stores potentially affected the information of customers’ credit and debit cards.

There is no evidence, however, that the hack impacted online payments, the company said.

The company determined that an unauthorized actor may have accessed its point-of-sale systems through malware, between Feb. 9 and Aug. 7, and acquired certain customer payment data, including first and last names, payment card numbers and expiration dates. As of press time, there was no evidence that any information was used improperly.

The store, upon learning of the breach, immediately initiated an investigation, which involved independent cybersecurity experts, and took action to remove the malware.

“The security and privacy of consumers' payment card data is a top priority, and [we are] working to further strengthen its security measures, including through enhanced employee training and improved technical measures.”

- Russel Stover press release addressing the data breach

They also notified the appropriate law enforcement, according to the release, and are now “working closely with the payment card companies regarding this matter” as well as providing those who may have been affected with information on what to do next.

This is the latest in a series of security breaches targeting sensitive information. According to intelligence-data website Risk Based Security, the first six months of 2019 alone have seen nearly 4,000 publicly disclosed breaches, exposing 4.1 billion compromised records.

That includes a hack at Capital One, the fifth-largest U.S. credit-card issuer, which affected the personal information of about 106 million card customers and applicants, and at First American, a real-estate and mortgage insurer, that left 900 million customer files exposed.

Russell Stover said in order for customers to protect themselves from a potential hack, “it is always advisable to remain vigilant and monitor their payment card statements for suspicious charges or activity. If a consumer suspects an unauthorized charge, they should immediately notify the bank or financial institution that issued the payment card.”

If you suspect your information may have been comprised, contact Russell Stover’s dedicated call center for consumers at 855-896-4449, and contact your financial institution.