Threatwatch

Texas liquor chain waited a year and a half to say anything about customer data breach

Credential-stealing malware; Network intrusion; User accounts compromised

Banking information on over half a million customers might have been compromised at Spec's alcohol stores statewide.

The company disclosed the hacking on March 28, 2014.

The breach is believed to have started on Oct. 31, 2012 and continued through as late as March 20, 2014.  

“Hints the computer system had been compromised began to surface early last year” but federal authorities asked Spec’s not to divulge details until last week, the Houston Chronicle reports.

Customer Rick Dardenne said he learned of the infiltration after receiving a new Amegy Bank card in the mail. He called the bank and “asked if the switch was because he had shopped at Target. The customer service rep told him that there had also been a breach at Spec's,” the Chronicle reports.

"I don't like being kept in the dark," Dardenne told the Chronicle. "Target at least communicated with the customers sooner."

Company officials said that after receiving alerts from a major lending institution and a firm that processes many of its payments, Spec's brought in private investigators and the Secret Service.

A company spokeswoman said Spec's "has not taken any personnel action, nor based on what we know from the Secret Service do we see any reason to."

The data exposed might include customers' bank routing numbers, card security codes and other payment card and check information.

ThreatWatch is a regularly updated catalog of data breaches successfully striking every sector of the globe, as reported by journalists, researchers and the victims themselves.

sector

Food and Beverage

reported

March 28, 2014

reported by

Houston Chronicle

number affected

fewer than 550,000 customers and employees

location of breach

Texas, United States

perpetrators

Unknown

location of perpetrators

Unknown

date breach occurred

Between Oct. 31, 2012 and as late as March 20, 2014

date breach detected

Early 2013