Hacked Card Readers Found At Aldi Stores In 11 States

Late last week, discount grocery chain Aldi revealed that customers’ banking info may have been compromised by card readers that had been illegally tampered with at stores in 11 states.

“The tampered terminals were capable of capturing information such as name, card account number and PIN,” read a statement on the company’s website.

The areas believed to be affected by the cracked card readers are:
* Connecticut (limited to greater Hartford area)
* Georgia (limited to greater Atlanta area)
* Illinois (limited to greater Chicago area)
* Indiana (limited to greater Indianapolis area)
* Maryland
* New Jersey
* New York (limited to greater Rochester area and Lower Hudson Valley)
* North Carolina (limited to greater Charlotte and Raleigh areas)
* Pennsylvania (limited to greater Pittsburgh and Philadelphia areas)
* South Carolina (limited to greater Charlotte area)
* Virginia (limited to greater Washington, D.C. area)

According to the statement, the skimming was going on between June 1 and Aug. 31.

“The crime was immediately reported to federal law enforcement authorities, we began an investigation, and we conducted a thorough review of all stores nationwide and removed terminals we believe may have been affected. In addition, we ensured that the relevant payment card brands were notified. We also implemented additional security measures to prevent this type of crime from reoccurring.”

Aldi has yet to list specific stores or numbers of individuals affected by the readers, but news reports claim that at least 200 people were victimized at a single Chicago-area Aldi.

You can contact the company directly — (877) 412-7152 toll-free, Monday through Friday, between 9 a.m. CDT and 4:30 p.m. CDT.

Notice to Our Customers [Aldi Statement]

Grocer Aldi says vandals compromised payments [AP]

Comments

  1. Griking says:

    You can’t hack cash

    • QrazyQat says:

      You can’t hack grow your own chickens either, but sometimes people want to buy something at a store and for various, often quite good, reasons want to use a card.

    • pop top says:

      No but it sure is hard to replace once stolen.

    • Loias supports harsher punishments against corporations says:

      Yes, but should your credit card get stolen, you’re not out the money taken from the card. The cash, however, is gone.

    • sonneillon says:

      I can make a 5 dollar bill look like a 50. Is that the same as hacking cash?

    • Leper says:

      Large amounts of cash can be seized under anti-drug laws.

      • kujospam says:

        That is correct. A friend of mine had a little over 10k in cash on him at the time flying to CA. For some reason his briefcase had to be opened. I still don’t get the reason why. But the TSA took it, and never got it back after they investigated him. He sued, but there was no proof he had a briefcase with the amount of money he claimed. Luckily he is well to do, but still have never seen him so upset in my life. So make sure you write a check, and you might have better luck.

  2. pop top says:

    Oh man, you have no idea how glad I was when I saw Michigan wasn’t on that list. I love shopping at Aldi’s and kudos to them for being right on top of this AND owning up to it publicly.

    • MFfan310 says:

      When I saw that Fort Wayne wasn’t on that list but Indy was, I thought “phew”, as I shopped at a (brand-new) Aldi here in Fort Wayne during that timeframe. I used cash at Aldi, though, like I use for most of my grocery shopping. Makes food budgeting easier. : )

  3. agent 47 says:

    Why steal from those with limited funds to begin with? Go hack a Wegman’s!

    • moorie679 says:

      better yet whole foods or a west point market…..

    • Kitty Conner says:

      Maybe some of their customers wouldn’t be worth it, but it’s not just those of lesser means who shop there.

      Some of us just like Aldi, even though we could easily afford to grocery shop exclusively at Whole Foods. Part of having money is knowing how not to waste it. And frugal (but tasty) groceries at Aldi is one way to accomplish that.

    • desterion says:

      Going to Aldi for basic staples like milk/bread/cheese saves you a lot of money as compared to just picking it up at a regular supermarket. Not everything at Aldi is good but they have a lot of products that taste just like name brands but cost a LOT less. In comparison to buying the stuff at other stores you’re saving hundreds of dollars a year for a family. I would think a Consumerist reader would be aware of how much middle class families use Aldi as part of their grocery shopping.

      • haggis for the soul says:

        Yes, and they have really cheap fresh fruits and vegetables. You can get about 3-4 times what you can get in regular grocery stores for your money.

  4. ShruggingGalt says:

    WOW. If it really was the terminal(s), with this number of states the problem had to be internal. Either that or an employee of the company they bought their terminals from.

    Now if it was software, that’s a whole other ball of wax. But I thought the terminals were supposed to be PCI compliant and encrypt the PINs.

    • kc2idf says:

      “Now if it was software, that’s a whole other ball of wax.”

      Thank you, very much, for not saying “whole nother.”

  5. oooooops says:

    Apparently Aldi’s isn’t aware either that Charlotte is in NC and not SC since the press release states
    “*South Carolina (limited to greater Charlotte area)”

  6. thesadtomato says:

    I love the image: hack + aldi. Brilliant!

  7. anime_runs_my_life says:

    You can contact the company directly. Whether or not you’ll get someone to talk to is another matter altogether. I stopped shopping at ALDI because the manager of one of the stores near me felt it was okay to sell milk and eggs past the sell by date and pretty much told me to deal with it or get out of his store. I left my cart of groceries for him to deal with. When I tried to complain, I got forwarded to a voicemail where it was full and my attempts to find someone who cared dwindled with each attempt, so I figure if they don’t care about their manager selling bad stuff, they won’t miss my dollars.

    I do all my business at Save-A-Lot now.

    • HogwartsProfessor says:

      I just did. The lady who answered the phone has a list and double-checked to see that my state wasn’t on it.

    • LastError says:

      That’s fine for you to be outraged, but the “sell by” dates are usually just a suggestion and not an actual indication of sell-by date or an expiration.

      Some states have stronger interpretations of this than others, so you may want to take it up with your state health department or department of agriculture or whoever covers such things in your state.

      Some stores have internal policies to not sell such items (Kroger for example) but if there is no policy then state law (whatever it is) is what they should follow. So find out what your laws are and go from there. If the laws are being obeyed, you are stuck -but probably also in no danger.

      In my state, the date on a product is considered a suggestion, not a rule or expiration date. Milk and dairy are considered safe to consume for at least 10 days after the suggested sell-by date and the laws are careful not to call it an expiration date. It’s only a suggested sell-by. As noted, some stores choose to follow a tighter policy.

      If you find out Aldi is not following the law, and if the state agency does not care, then the next stop is local TV media. Some consumer reporter will enjoy doing this story.

      One final note: Aldi buys many of its items from wholesale producers and suppliers. Especially in the case of dairy, these suppliers are shared with -guess who- Save-A-Lot. So basically the milk is probably the same.

  8. micasaessucasa says:

    My debit card, which I hardly ever use, was compromised earlier this spring. Luckily, my bank noticed the fraudulent activity (pre-authorizations from unknown companies) and put a hold on the account before any money was removed from my account. The only place I use my debit card is Aldi’s. Even though this does not fit into the time frame I wonder if my data was compromised. Are they even aware of the extent of the problem? I found the statement to be quite vague. Is there more they are not revealing?

  9. CrissyT says:

    Wow, this scares me. My debit card had fraudulent charges that Chase stopped, and had they not called me immediately who knows how much damage could have been done. It was only my card that was affected, and I’m pretty careful with it. I had been racking my brain trying to think where anyone could have possibly gotten the number. I think now I know.

    • RandomHookup says:

      What did they spend it on?

      • CrissyT says:

        According to Chase, there was an attempted charge to PayPal, a toystore, an “online store” (that’s all they would say), and several small charges at various random places.

  10. Kitty Conner says:

    My in-laws (greater Indianapolis area) were notified by their bank and had their debit card cancelled two weeks ago because of this issue.

    Which scares the crap out of me since we shop at the same Aldi. But no fraudulent charges and no notification from my bank.

  11. Coupon says:

    Fudge!

  12. ktetch says:

    Great, now all I have to do is find out if Covington, Ga (home of the early Dukes of Hazzard, parts of the Cannonball Run films, and Vampire Diaries) counts as ‘Greater Atlanta’.

    Also, I know we shopped there just before Dragon*Con, but I don’t remember which day before. Might have been August 31, might have been Sep 1

  13. Razor512 says:

    The same thing happened at my college. The book store in the college added the ability to use credit cards and their solution to that was to add a netbook with a USB card reader attached to it.

    The book store is not staffed with the brightest people, they ended up using the netbooks for non book store purposes and the netbooks got infected, after that many students noticed lots of random small transactions on their credit cards.

  14. HogwartsProfessor says:

    Aaahh!! I go there all the time! I live four blocks from it!

    I just looked at my bank balance the other day and it was okay. I called and they said so far Missouri had not been affected. I’ll keep an eye on my balance just in case.

  15. Rocket says:

    I am in Rochester, NY. Good thing I don’t shop at Aldi.

  16. Spifferiferfied says:

    That explains why my g/f and I got new debit cards sent to us this weekend…

  17. PeaInAPod says:

    The skimming ended on August 31 and they wait until the first week of October to tell people? wth?

  18. Saberpilot says:

    Oh, and these guys were brilliant, too, whoever took the info. Pin-based and non-pin based fraud. Kept the bank I’m at hopping, let me tell you.

  19. Max5695 says:

    Using debit cards is very dangerous. Debit cards are worse than credit cards because if your debit card is stolen there is no limit to the amount of money that you are liable for if you do not report the fraudulent charges before 60 days. Credit card liabilities are limited to $50.

    If a hacked card reader steals your PIN and card number the thieves could drain your bank account.

  20. Red_Eye says:

    I think they are friggin cowards for not disclosing the addresses of affected stores. With a list like that I could know if I had any risk.

  21. mandy_Reeves says:

    What happens to those who use the kiosk for EBT cards? I rely on that to keep my family fed…I don’t want people using my allowance for their food.

  22. JonBoy470 says:

    Of course… I live in the DC metro area, and have shopped at Aldi. Time to check the bank statements!

  23. LastError says:

    Wow, I shopped at Aldi ONE time during this period, in one of the affected cities.

    But it was one of the rare times I paid for groceries with cash. Whew!

    I gotta wonder…. why Aldi? Their customers are usually working-class people with not a lot in their bank accounts to steal.

  24. JonBoy470 says:

    So it turns out my wife’s card was compromised at Aldi. We found out after her ATM card stopped working. Apparently, BofA is actually on the ball for something though. They had deactivated her card when they detected the fraud. Maybe I’ll just use cash in Aldi from now on…