Skim Scam: Did Aldi Structure Invite 11-state Coordinated Attacks?
When a gang of thieves physically tampers with point-of-sale systems, the tampering is usually a local operation. But that may be changing. Discount grocer Aldi said October 1 it has found tampered payment-card readers in stores in 11 states, spread from the East coast to Illinois. The retailer said the tampering was only in a limited number of its 1,100 U.S. stores, and all those stores were clustered near 10 cities — but the stolen data is being cashed out thousands of miles away. Part of what made the $70 billion global grocery chain so successful could be playing a key role in making it a cyberthief target today: The scarcity of store employees. The 10 areas hit with tampering were Chicago; Indianapolis; Pittsburgh; Philadelphia (including stores in New Jersey); Atlanta; Washington, D.C. (including stores in Virginia and Maryland); Rochester, New York; Hartford, Connecticut; Raleigh, North Carolina; and Charlotte, North Carolina. The retailer said that the skimming devices were probably placed during June, July and August.