Natural Grocers investigating security breach
Steamboat Springs — Officials with the grocery chain Natural Grocers said Monday that the company has hired a data forensics firm to investigate a potential data breach.
The Lakewood-based retailer has more than 90 stores across the country, including its location at 335 Lincoln Ave. in Steamboat Springs.
As of Monday morning, the incident was contained, and there haven’t been any reports of fraudulent use of customer cards, according to a statement from the company.
“With the help of third-party data security experts, the incident was contained, and law enforcement is investigating the matter,” the statement said. “In addition, there is no evidence that PIN numbers or card verification codes were accessed.”
The statement also said that no personally identifiable information, such as names, addresses or Social Security numbers were involved as the company does not collect that data as part of its payment-processing system.
The Steamboat Springs Police Department had not heard of the security breach as of Monday morning, and there hadn’t been any associated reports involving the Steamboat Springs Natural Grocers, according to Sgt. Jeff Wilson.
Wilson said that he hadn’t taken any credit card fraud reports at all in a couple of weeks, and that reports have dropped off dramatically since a cyber attack in December led to cardholder information breaches at a handful of local restaurants.
A manager at the Steamboat Springs Natural Grocers was not immediately available to comment on the data breach.
Natural Grocers said that while it continues the investigation, the company has accelerated its plans to upgrade point-of-sale systems at all of its 93 stores, using a new PCI-compliant system with point-to-point encryption and new pin pads.
“These upgrades provide multiple layers of protection for cardholder data,” said a statement. “The company takes data security very seriously and is committed to protecting its customers’ information.”
The data breach was first reported Sunday night by former Washington Post and Security Fix reporter Brian Krebs, who runs the website Krebs on Security.
The breach may have occurred in December 2014, according to the website.
Support Local Journalism
Support Local Journalism
Readers around Steamboat and Routt County make the Steamboat Pilot & Today’s work possible. Your financial contribution supports our efforts to deliver quality, locally relevant journalism.
Now more than ever, your support is critical to help us keep our community informed about the evolving coronavirus pandemic and the impact it is having locally. Every contribution, however large or small, will make a difference.
Each donation will be used exclusively for the development and creation of increased news coverage.
Start a dialogue, stay on topic and be civil.
If you don't follow the rules, your comment may be deleted.
User Legend: Moderator Trusted User