Southern and Midwestern shoppers beware: it looks like Fred's Super Dollar, a discount pharmacy and general merchandise retailer, is the latest business to lose customer payment-card data after hackers planted malware on the point-of-sale (POS) systems used in checkout lanes at Fred's locations.
Security expert Brian Krebs reports that he contacted the company last week, after hearing “about a pattern of fraud on customer cards indicating that Fred’s was the latest victim” of malware planted on POS systems.
Fred's Inc. responded in a formal statement on Friday, admitting that:
Fred’s Inc. recently became aware of a potential data security incident and immediately launched an internal investigation to determine the scope of the issue. We retained Mandiant, a leading independent forensics firm, to examine our data security systems.
We want to assure our customers that protecting their information is one of our top priorities and we are taking this potential incident very seriously. Until this investigation is completed, it will be difficult to determine with certainty the scope or nature of any potential incident, but we will continue to work vigilantly to address any potential issues that may affect our customers.
So far, that's the only information available: Fred's had a security breach, and hired investigators to look into it. The scope of the breach has not yet been determined: how long ago did the hackers plant the malware? How long were the hackers then able to monitor any transactions on those infected POS systems? And how many Fred's locations were affected?
Krebs' sources are “unclear” on that last bit, but said “the pattern of fraudulent charges traced back to Fred’s stores across the company’s footprint in the Midwest and south, including Alabama, Arkansas, Georgia, Indiana, Kentucky, Louisiana, Mississippi, Tennessee and Texas.”
So if you are or have been a Fred's shopper in any of those states, and paid with a card rather than in cash, check your card statement extra-closely to see if you can spot any fraudulent charges.