Spec’s, a Texas superstore selling wines, spirits, and finer foods, has announced that customer data at 34 of its locations may have been snagged by hackers. The hack reportedly began October 31, 2012 and continued until March 20, 2014.
Although the breach reportedly affected less than 5% of its transactions, a spokesperson informed the Houston Chronicle that the compromise affected “an estimated fewer than 550,000” customers and Spec’s employees.
For those using payment cards, expiration dates and card security codes were likely also compromised. For those paying by check, their date of birth and/or driver’s license number may also have been acquired. Since their notice on the website was directed to customers, we have no indication whether employees’ Social Security numbers and other personnel information may have been compromised.
Spec’s notice to customers does not say when they were last certified as being PCI DSS compliant. They do say, however, that they have brought in a QSA to review their systems.
Those affected are being offered one year of free credit monitoring with AllClear ID. The notification does not indicate whether Spec’s is aware of any cases of fraudulent use of their customers’ data. Nor does it state how they first learned of the breach.