Back in October, I noted that the ALDI breach had affected 8,000 Maryland residents. New York State’s breach logs for October, posted online, indicates that ALDI had reported on October 1 that 17,000 NYS residents were affected.
Given that the breach affected customers in 11 states and there are 25,000 affected in just two of those states, it seems that the total number affected for this breach may be much higher than what ALDI’s statement of October 1 suggested (emphasis added by me):
ALDI Inc. recently learned that, from approximately June 1, 2010 to August 31, 2010, tampered payment card terminals were illegally placed in some ALDI stores, enabling unauthorized individuals to fraudulently obtain payment card information from a limited number of our customers.
What do they consider a “limited number of customers?”
ALDI’s notice on their web site has not been updated since the last update on October 1.