Eleven Key Food Co-Operative Inc. grocery store locations in New Jersey fell victim to a payment card data breach between Jan. 19, 2017 and April 17, 2020, the company announced July 17.
Tropical Supermarkets in Dunellen, North Brunswick, Perth Amboy, Somerset, South River and Union City were affected; along with Food Fairs in Newark and Paterson; Food Universe in Paterson; and Latino’s Supermarket in West New York.
The breach was first reported on March 2, after which Key Food conducted an investigation of the incident with its member stores, notified the payment card networks and followed their investigation process, and provided and continued to provide information to law enforcement regarding their investigation.
The investigation found that malware had been installed into point-of-sale devices to skim payment card data. For payment card transactions with chips, the company believes that the card number and expiration date were compromised by the malware, but not the cardholder name or internal verification code.
For swipe transactions, the malware may have compromised cardholder name in addition to card number, expiration date, and internal verification code.
There is no indication that other customer information was affected, Key Food said.
Some Key Food Co-op supermarkets in Florida, New York, Massachusetts and Connecticut were also affected. Key Food has supermarkets in nine other New Jersey towns, but those were not affected in the breach.