Cyberattack Stopped; Western States Grocery Shoppers Cautioned

A cyberattack targeting credit and debit card users at grocery stores in parts of Washington, Oregon, Montana and Idaho has been blocked, according to URM Stores Inc.

The Spokane-based grocery wholesaler said credit card systems were placed back online Monday night after extra security systems were implemented.

URM Stores processes a large share of electronic payments made by shoppers at Yoke’s, Rosauers, Super 1 Foods, Family Foods, CenterPlace Market and Trading Co. stores.

The extra security won’t protect customers who used their cards at the stores prior to Nov. 25. Officials stress that anyone who used a credit or debit card at a URM-affiliated store prior to that date should pay close attention to bank statements.

“We have taken steps to block the attack,” Ray Sprinkle, CEO of URM Stores, said in a press release. “We are incredibly grateful to our customers for their patience and understanding.”

Sprinkle declined to provide details of what has been learned about the attack, saying the investigation was continuing. URM has hired leading national companies to work with law enforcement, he said.

A news release from the company said that with the attack blocked, the focus will switch to pinpointing which stores were affected and when it began. Companies that issued cards with numbers that were most likely to be stolen will be notified.

Three days before Thanksgiving, URM Stores recommended that its stores only accept cash and checks to put a halt to an attack as reports mounted from banks and credit unions that noticed fraudulent purchases on accounts of shoppers who used cards at URM Stores.

For the past week, Rosauers stores put plastic bags over its credit card readers in each checkout stand and accepted cards through a slower-but-safer dial-up connection. Rosauers offered 10 percent discounts to make up for the inconvenience.