URM Stores has posted an update to a breach disclosed in November. The update indicates that the attack was “similar to” attacks reported by other grocery chains and retailers. URM was first alerted to the breach on October 31 by a bank, but its preliminary investigation did not uncover any signs of an attack. After it started getting more reports involving more of its stores, it then called in a forensics firm to investigate its payment processing system.
At the present time, URM believes that the attackers obtained Track 2 data and in a subset of cases, Track 1 data may have been obtained. A list of affected stores is appended to the update. They include stores from a number of grocery chains in Idaho, Montana, Oregon, and Washington.