URM names stores affected in cyber attack


by KREM.com


Posted on January 30, 2014 at 12:42 PM

Updated Sunday, Feb 2 at 11:49 AM

SPOKANE, Wash. -- URM announced Thursday it was close to wrapping up its investigation into a criminal cyber attack that occurred in the fall of 2013.  The company also released a list of the stores affected in the data breach.

The only Spokane and Spokane Valley stores impacted were Yoke's Fresh Market stores, Barney's Harvest Foods, and Trent Harvest Foods. Several North Idaho stores were also hit according to URM leaders.

Originally, Secret Service agents in Eastern Washington began investigating a wide swath of fraudulent credit and debit card purchases being made across the country in November.  Agents originally suspect that the victims were mainly people who had made purchases at URM-supplied stores, including Rosauers, Yokes, Super One and Trading Company.

READ: Complete list of stores impacted by cyber attack

“We are incredibly grateful to our customers for their patience and understanding through this difficult experience,” said URM CEO Ray Sprinkle.  “We are humbled by their support and continue to extend our sincere apologies for any frustration and inconvenience.”

WATCH: Customers remain loyal at URM stores despite card hacking

On November 25, 2013, URM announced it had discovered signs of a criminal cyber attack against its payment processing system.  The company eventually blocked the attack and upgraded its security systems.  URM said Thursday it would continue to work with law enforcement to bring the hackers to justice.

WATCH: URM stores upgrading security following credit card fraud attack

According to the company, for most of the transactions the attackers only accessed “track 2” data -- information on a credit or debit card’s magnetic strip that contains the card account number, expiration date, and card verification number.  The hackers were able to occasionally access “track 1” data, said URM officials.  Track 1 data includes the same information as track 2 in addition to the cardholder’s name.  Company spokespeople said no customer addresses, phone numbers, or Social Security numbers were compromised in the data breach.

URM officials said they were not able to identify specific cards which had been compromised or track data from cards that were taken.  The company planned to contact customers who were believed to have had track 1 data stolen from them.