Major Grocery Wholesaler Hacked

Published in CSP Daily News

URM Stores asks member retailers to use dial-up connections

SPOKANE, Wash. -- About 160 supermarkets and grocery stores across the Pacific Northwest are reported to be among those whose electronic payment systems were hacked by thieves, according to a numerous reports.

Some of their customers are discovering unauthorized charges on their cards--from a Lake County, Montana, man who found $75 in gasoline purchased on a card with his number on it in Texas, to a Spokane, Wash., couple who were surprised to find they had paid for $18 worth of food at a Kentucky Fried Chicken in New Dehli, India.

The common theme seems to be grocery stores that use URM Stores, a Spokane wholesaler, to process electronic payments, according to a Billings Gazette report. URM Stores, in turn, uses First Data Corp. of Atlanta to process its payment transactions.

A Secret Service investigation is under way.

URM Stores serves approximately 160 member stores in Washington, Oregon, Idaho and Montana that collectively own it. URM Stores is also those sites’ primary food distributor.

URM Stores said it has been advised by law enforcement it “may have been the target of a criminal cyber-attack against our payment processing system.”

It also has recommended customers pay by cash or check, or for stores to use slower dial-up connections that are not affected, until the problem is isolated and dealt with.

“We’re working diligently to secure our system,” CEO Ray Sprinkle told the Missoulian on Tuesday.

On Monday, the company provided a toll-free number—1-877-237-7408—for customers who have questions about what has happened and want to know what steps they can take to protect themselves.