Multiple retail brands in the US sell products for a lower cost. With multiple locations of walk-in stores and online sales, they sell consumer products at reasonable prices. Costco is one such retail brand that is known for selling products at a cheaper price. Since the customer inflow is greater on both offline and online stores, they are always at risk of cyber attacks. In this guide, we explain what the Costco Card Data Breach and Skimming Attack is.
What is Costco Data Breach and Card Skimming Attack?
Whenever we buy goods from Costco or any such retailer and make payment through a card, we swipe it on a physical machine. When we swipe the card, the machine reads the details of the card, which includes card number, customer name, expiration date, and CVV, and confirms with the bank for payment. Once the bank confirms the payment, your payment goes through. It all happens in seconds, thanks to the internet.
As a part of regular inspections conducted by Costco management in its locations, they have discovered payment card skimming devices at multiple Costco locations using customer data, including credit/debit card number, expiration date, CVV, customer name, etc., from those devices. The potential customers who might have been affected by these devices are notified. Costco management is said to be taking necessary security measures to stop the risk and safeguard customers.
The card skimming devices obtain all the necessary data from the magnetic strip on the card. Some cards even give away additional information like billing address and rewards on the card. Card skimming attacks are common during the festival and holiday seasons, where people throng to stores to buy more at cheaper prices due to holiday sale discounts. Labor and staffing shortage is another cause of this issue.
Similarly, there is a Magecart attack where people receive messages with offers or something and a link to buy a product. When a customer clicks on the link thinking of it as the official link of Costco or any other retailer and enters card details, the hackers get all the information the customer enters. Everything looks official and trustworthy, but the customer won’t receive a product.
Impact of Costco card skimming attack on Costco stock
The last time Costco discovered the card skimming attack and released a statement, its impact on the stock was minimal. It was disclosed on November 12, 2021. On that day, Costco stock opened at 514.25 and closed at 509.87. The stock market was opened on November 15, 2021, after the weekend when the Costco stock opened at 518.49 and closed at 512.55. There was not a great impact of the issue on the stock due to the security measures Costco has announced along with the attack details. It might have impressed the investors, which reflected on the market.
Read: How do you protect yourself against CARDING credit card fraud?
Prevention measures for customers for card skimming attacks
Card skimming attacks give away the personal and financial information of the customers. As a customer, you can take the following measures to avoid such attacks and stay safe.
- Be vigilant at point of sale (POS) systems: While making cards through payments, deal directly with the teller or cashier and observe the POS machine they use. Do not look away until you get your card back.
- Do not fall for extra discounts: People approach with an offer of extra discounts, coupons, or rewards and ask you to swipe a card on their POS machines to avail of the benefits. Stay away from them no matter how trustworthy they look.
- Do not enter card details: If you get a link through an email or a text message regarding an offer on something, observe the email, message, and link. Do not enter your card details on such links as it might be a Magecart attack.
Also read: Avoid Online Shopping Fraud & Holiday Season Scams
Did Costco have a cyber attack?
Yes, Costco was hit by a card skimming attack which can be considered a cyber attack. It was discovered just before the holiday sale that the personal and financial information of the customers was at risk because of the card skimming devices they discovered at Costco warehouses.
Can someone steal info from Costco card?
Yes. Card skimming has become a major threat to both customers as well as giant retailers like Costco. When you swipe your card at the Costco location to make a purchase, your information can be stolen if it is a card-skimming device. Costco has improved its security, but it is for our good we need to be vigilant.
Related read: How to spot Fake Shopping Websites?