Partly Cloudy
82°FPartly CloudyFull Forecast

Grocery chain pushes to shift venue of breach suit

Published: Thursday, May 23, 2013 5:30 a.m. CDT

BELLEVILLE – The suburban St. Louis-based supermarket chain Schnucks Markets wants a federal court to handle an Illinois lawsuit related to a security breach of customer credit and debit cards.

The St. Louis Post-Dispatch reported that Schnucks filed a motion in Illinois' St. Clair County Circuit Court to move the lawsuit, saying a federal venue would be more appropriate given potential damages.

The company, which has a store on Annie Glidden Road in DeKalb, announced in March that a security breach had been discovered, a breach that dated to December and could affect up to 2.4 million credit and debit cards of customers. The company says safeguards are now in place. But many customers have reported fraudulent charges.

The lawsuit was filed last month on behalf of a shopper at a Schnucks store in Belleville, Ill. Two other lawsuits have been filed in Missouri. The Illinois suit claims Schnucks knew about the breach before it was revealed and should have told customers sooner. Schnucks has said the lawsuit is meritless.

In court filings, Schnucks said that if it loses in court, the cost to the company could be up to $80 million in Illinois alone.

The company said an estimated 1.6 million card transactions took place at its 23 Illinois stores during the breach period, representing about 500,000 unique cards. Schnucks said in the court filing that if each victim spent two hours dealing with the problem and was paid the federal minimum wage of $7.25, total compensatory damages could reach $7.25 million. And because the Illinois Supreme Court has approved a punitive-to-compensatory damage ratio of 11-1, the total tally could be up to $80 million.

The breach began in early December, when malware lifted card data by accessing transactions that were awaiting authorization within the company's processing system. Schnucks said the malware stripped data from the magnetic strip on the backs of cards.

The strip contains two tracks. The first contains a person's name, while the second contains the card number and expiration date. Schnucks said the hackers accessed data on only the second stripe.

___

Information from: St. Louis Post-Dispatch, http://www.stltoday.com

Get breaking and town-specific news sent to your phone. Sign up for text alerts from the Daily Chronicle.

Watch Now

Player embeded on all DDC instances for analytics purposes.

NIU-Presbyterian postgame

More videos »

Reader Poll

What do you like best about Corn Fest?
Free corn
Live music
Carnival
Street festival atmosphere
Meeting friends and neighbors