Grocery chain pushes to shift venue of breach suit
BELLEVILLE, Ill. (AP) — The suburban St. Louis-based supermarket chain Schnucks Markets wants a federal court to handle an Illinois lawsuit related to a security breach of customer credit and debit cards.
The St. Louis Post-Dispatch (http://bit.ly/1a41Hi ) reports that Schnucks filed a motion in Illinois’ St. Clair County Circuit Court to move the lawsuit, saying a federal venue would be more appropriate given potential damages.
Schnucks announced in March that a security breach had been discovered, a breach that dated to December and could affect up to 2.4 million credit and debit cards of customers. The company says safeguards are now in place. But many customers have reported fraudulent charges.
The lawsuit was filed last month on behalf of a shopper at a Schnucks store in Belleville, Ill. Two other lawsuits have been filed in Missouri. The Illinois suit claims Schnucks knew about the breach before it was revealed and should have told customers sooner. Schnucks has said the lawsuit is meritless.
In court filings, Schnucks said that if it loses in court, the cost to the company could be up to $80 million in Illinois alone.
The company said an estimated 1.6 million card transactions took place at its 23 Illinois stores during the breach period, representing about 500,000 unique cards. Schnucks said in the court filing that if each victim spent two hours dealing with the problem and was paid the federal minimum wage of $7.25, total compensatory damages could reach $7.25 million. And because the Illinois Supreme Court has approved a punitive-to-compensatory damage ratio of 11-1, the total tally could be up to $80 million.
The breach began in early December, when malware lifted card data by accessing transactions that were awaiting authorization within the company’s processing system. Schnucks said the malware stripped data from the magnetic strip on the backs of cards.
The strip contains two tracks. The first contains a person’s name, while the second contains the card number and expiration date. Schnucks said the hackers accessed data on only the second stripe.
Information from: St. Louis Post-Dispatch, http://www.stltoday.com