Fewer than 500 Costco customers at four of the retailer's Chicago-area warehouses had their payment information compromised after employees discovered five card-skimming devices during routine PIN pad inspections at the end of August.
"We promptly removed the skimmers, notified law enforcement, and engaged a forensics firm to analyze the devices," a Costco spokesperson told FOX Business in a statement. "It appears that these skimmers had the ability to capture information on the magnetic stripe of a payment card, including name, card number, expiration date, and CVV."
Following the discovery, Costco identified customers who conducted swipe payment card transactions on the affected devices during the relevant time period and notified them individually. The skimmers had the ability to capture names, card numbers, expiration dates and CVV codes.
According to a Nov. 5 notification letter, first reported on by Bleeping Computer, Costco told potentially impacted customers to check their most recent card statement for unauthorized charges and notify their bank of any suspicious activity. The company also offered complimentary credit monitoring and identity theft-related services from IDX.
"Costco vigorously guards its members' personal and financial information, and remains committed to protecting it against unauthorized disclosure," the notification letter concludes. "We regret that we have been involved in this incident, and sincerely hope it does not lessen your confidence in us."
The Costco spokesperson confirmed to FOX Business that no similar devices were found at its other warehouse locations.
|COST||COSTCO WHOLESALE CORP.||488.66||-5.87||-1.19%|
The warning comes after Costco customers on Reddit and Twitter have reported a series of unauthorized charges within the last month.
"Has anyone recently had any fraudulent charges on their card? I only use my card in store, getting gas, or at Costco.com & I had fraudulent charges yesterday," one Reddit user wrote. "Hopefully it's something like a skimmer at the gas pump instead of a data breach."
"Noticed a fraudulent charge on my credit card, so I called to get it handled. Guy on the phone asked if I pay at the pump usually for gas and I said yes," another Reddit user said. "Apparently, skimmers for information are common on pay at pump systems and car washes. That was the only place he saw in my history that was likely to have stolen my information. He recommended paying inside, but Costco doesn’t even have that option. Just a reminder to always check your credit card statements and watch for fraudulent charges!"
"Immediately after finally renewing my Costco membership online this morning I discovered $2200 of fraudulent credit card charges made in the UK on August 31st," a Twitter user posted. "So now I have a Costco membership but no credit card to use to shop there for the next seven to nine business days."
Costco currently operates 820 warehouses worldwide, including 568 locations in the United States.