If you shop at Natural Grocers, then hackers may have your credit card information. Or that's what sources in the financial industry have reported to cybersecurity journalist Brian Krebs, at least.
In response to Krebs's attempt to verify these claims, the grocery chain claimed that it was investigating “a potential data security incident involving an unauthorized intrusion targeting limited customer payment card data.”
The company claims that no PIN or card verification numbers were accessed. Krebs's sources disagree:
Perhaps they aren’t reporting the fraud to Natural Grocers, but banking sources have told this author about a pattern of card fraud indicating cards stolen from the retailer are already on sale in the cybercrime underground.
Based on the fact that Krebs's banking sources have traced credit card information to the Internet's criminal underground, there's probably a good chance of this credit card data being out there.
Here's what Krebs's anonymous source claims really happened:
The attackers broke in just before Christmas 2014, by attacking weaknesses in the company’s database servers. From there, the attackers moved laterally with Natural Grocers’ internal network, eventually planting card-snooping malware on point-of-sale systems.
If hackers can get malware onto a company's point-of-sale system, then they can steal all the credit card data that they want. If you've shopped at Natural Grocers between December and now, then you might want to take a look at your credit card statement.
Finally, you should check out my coverage and advice for the Home Depot hack if you want to know how best to protect yourself. The in-depth tip explains how hackers use point-of-sale malware to steal your information and how to stay safe. Click here to jump right to it.