SAN FRANCISCO (CBS SF) – More than 100 employees and customers have had their identities stolen at Bay Area Lucky supermarkets by thieves who tampered with the credit and debit card readers in self-checkout lines, according to the company.

The store chain announced Monday that thieves managed to place card skimmers into the readers at 23 stores. The readers captured personal information from 23 customers and 80 employees.

The chain says many of those people had money stolen from their accounts. Store officials recommend that anyone who used self-checkout terminals in the affected stores in the past few months to close their accounts immediately.

KCBS’ Holly Quan Reports:

Save Mart Supermarkets, which operates Lucky stores, originally reported tampering at 20 locations throughout the Bay Area, along with one Save Mart store in Watsonville.

The company has since learned that three more stores in Novato, Sunnyvale and Petaluma were targeted, said Alicia Rockwell, public affairs director for Save Mart.

The three additional stores were missed in the original report sent to the company’s Asset Protection Team, she said.

“These were not newly tampered card readers but part of the original discovery,” she said.

At each store, only one card reader in a self-checkout lane was targeted, Rockwell said.

The company has received at least 80 employee and customer reports about the compromised or attempted compromise of card data, Rockwell said.

The skimming devices that are installed in the card machines capture credit card numbers and debit card PIN numbers. Identity thieves then make transactions on those cards.

The company first learned about the problem around Nov. 11 and sent out a Consumer Advisory on Nov. 23, Rockwell said.

There was no estimate of how many customers may have been victimized or the total amount that was fraudulently taken from their debit accounts or added to credit card debt because reports are still coming in, Rockwell said.

“We feel awful about this. We’re reeling,” Rockwell said.

Rockwell said the U.S. Secret Service was investigating the case.

“We strongly recommend our customers who used a self-checkout lane in the affected stores contact their financial institution to close existing accounts and seek further advice,” Rockwell said.

SaveMart, the parent company of Lucky, said it has checked all its stores and wants to assure customers that its card readers are now safe.

Save Mart operates 233 stores in Northern California and Northern Nevada under the Save Mart, S-Mart Foods, Lucky and FoodMaxx banners.

Any Lucky customer affected by fraudulent use of their debit or credit card should contact the store’s Customer Support Center, 800-692-5710.

Stores with tampered card readers:
815 Marina Village Parkway, Alameda
6843 Mission St., Daly City
1000 El Cerrito Plaza, El Cerrito
5000 Mowry Ave., Fremont
35820 Fremont Blvd., Fremont
919 Edgewater Blvd., Foster City
25151 Santa Clara St., Hayward
45 Murchison Drive, Millbrae
1350 S Park Victoria Dr., Milpitas
715 E El Camino Real, Mountain View
1761 Grant Ave., Novato
939 Lakeville Highway, Petaluma
1530 Fitzgerald Drive, Pinole
200 Woodside Plaza, Redwood City
1133 Old County Rd., San Carlos
234 Saratoga Ave., Santa Clara
5510 Monterey Highway, San Jose
200 El Paseo De Saratoga, San Jose
844 Blossom Hill Rd., San Jose
3270 South White Rd., San Jose
1515 Sloat Blvd., San Francisco
484 N Mathilda Ave., Sunnyvale
32300 Dyer St., Union City
SaveMart, 1465 Main St., Watsonville

(Copyright 2011 by CBS San Francisco. All Rights Reserved. This material may not be published, broadcast, rewritten, or redistributed.)

Comments (28)
  1. jman says:

    Something seems fishy about the numbers reported in this story. 23 stores and 23 customers. More employees were targeted than customers? And they only stole the identity of 2 to 3 people per store? I don’t know if the reporting is incomplete or wrong. Why this odd pattern?

  2. Sara says:

    Those numbers really don’t add up statistically. We have four people in my office alone that had $400-800 taken from their accounts (we’re about 1/2 mile from one of the stores hit). My guess is that those are the official Lucky numbers which may or may not be updated at some future time…

    But here’s what really concerns me: Lucky’s official story is odd in so many ways. They found out back on Nov 11 & even found the physical devices. Why didn’t they send out an email alert to their Bay Area or Nor Cal managers to check the machines each day somewhere along the line? Also, the Lucky corporate story for a while was that no devices were found at the Petaluma store yet numbers were stolen there, too. Have they finally found the devices at that store? Why weren’t customers notified at some point in the last three weeks? I guess my biggest and most troubling question is, why wasn’t Lucky more proactive with protecting sensitive financial data? Following this story, it almost sounds like they were hacked, not skimmed but they thought that the skimmer story would make them sound less culpable. Regardless, I’ll be taking my shopping elsewhere.

    1. Eric Domejean says:

      I would agree with you but I read another story where the secret service investigator said that “these were the most sophisticated devices they have encountered in the US.

      I just think that this is an inside job, they should check the work orders at these stores it is either an employee or an employee of a subcontractor. No way some who is not authorized could go to all of these stores and not be notice.

    2. Anthony says:

      Sara, they called about my wife’s card and we promptly canceled it. However, I’m scouring all our bank and CCD acct statements for weird transactions. Though I don’t know exactly what to look for. How was the money taken from the 4 people in your office? Was it large ATM withdraws, several small ones, any particular company name that the transaction was registered too?? If anyone knows someone who had money taken please share how so we all know what to look for. Can’t find any details on the web about the nature of the fraudulent charges, only that money was taken. Thank you!!

  3. Leo says:

    Press release from last month says 20 stores, now we see 23 stores above. Can’t really trust any of these numbers.

  4. JWT says:

    This is why I write CHECKS when I go to the grocery store — I NEVER use my Debit Card at the big Box Stores…. The lady or guy behind me in line may give me a dirty look — but so what… at least I have peace of mind..

    1. Eric Domejean says:

      If you have to use a check do us a favor and fill it out while they are scanning your items. I just hate it when the person waits until everything is done then goes searching for their check book, fills out the check, then balances the register, then hands the check to the cashier. Then acts surprised that they ask for ID.

  5. Kevin says:

    I agree with Sara, they were probably hacked. There is always a store clerk in that area when you are doing the self check out, so they are trying to tell us that someone or a group of individuals went unnoticed installing these devices in 23 locations? Yeah right!
    And wouldn’t you know it, one of them had to be one that I shopped at. I have to drive a little further to Safeway but until they fumble the ball like Lucky’s I have no choice. Lucky’s prices are higher anyway.

  6. Choice says:

    This story makes me want to go back to using cash and dump the preferred customer cards too. Hackers/Criminals/Greedy People will try anything to mess the rest of us up.

    1. Ann Mason says:

      I use cash for buying groceries, and take a number of other precautions to avoid trouble. There’s a down side to almost every cautious thing we do, though, and sometimes I wonder if I’m at risk when I have a bunch of one dollar bills in my wallet and another customer can see all of that currency. Is he/she going to try to take my wallet after we’re outside? There are no easy answers.

  7. mike says:

    Actually, the clerk isn’t always around the self-checkout area all the time. I remember being in the store this one time and nobody was around the registers. As for the odd reporting, you guys also have to consider that maybe those customers haven’t reported any suspicious activities with their accounts to the company, or they just aren’t aware of things. A good number of people use those self-checkout machines, so i doubt only 2 to 3 people per store were affected.

  8. Cathy Kelley says:

    These lowlifes could be livin’ high on the hog with the computer intelligence they have working at one of the tech companies in our area. Instead, they choose to be lazya** MF’ers & make life rougher for the common hard working people. Like our economy doesn’t suck us dry already! GROW UP YOU DUMBA** MFERS! GET SOME BALLS!

  9. Carolyn says:

    I tried calling my local Lucky store and could not reach anyone willing to tell me if that store was hit by the scammers. Please list the actual store list. Goes to show that even in this day and age- cash is best

  10. sunnyvale regular says:

    I live near the store in Sunnyvale that was on the list, and i can assure, there are plenty of times when no one is within site of the self check out stands.

    1. Kevin says:

      Well then it looks like a class action suite for those effected right?

  11. matt says:

    If people would stop and think about the fact that everytime they use a self-service machine , they are making MORE profit for a company that does not care about your personal info. security, AND you are eliminating someones job and healthcare by using these machines, then maybe… Wait..I Forgot.. This is America, we are too selfish, and stupid to think about stuff like that! American Idol or ,whats Kim Kardashian going to do next, THATS whats important!

    1. Matt (& everyone)

      Have you ever wanted to show your support for things like unions and/or the occupy movement? Here’s a simply, easy way to do so: At the supermarket avoid the self serve lanes and patronize the (almost always union) checkout person instead.

      Those self-serve lanes were supposed to lower costs for the corporation…I have no doubt that they have, but have you seen that cost savings reflected in your grocery bill? Didn’t think so, me neither…