Costco discovered a credit card skimmer in a store in Canada after shoppers complained on Twitter and Reddit about fraudulent credit card charges. Credit card skimmers were later found at four Costco stores in Illinois.
According to Bleeping Computer, Costco sent a notice to affected customers stating that unauthorized individuals may have stolen data from the magnetic stripe of their payment card, including their name, credit card number, expiration date, and CVV, if the criminals were able to remove the information before the device was discovered. If retailers want to protect their customers, they must prioritize payment authentication software for both in store and online transactions.
Fortunately, physical data theft is typically isolated, as card skimming devices only pose a threat to those who use the compromised device. However, these devices can be used on any point-of-sale device, such as gas pumps and ATM machines.
The data an identity thief can steal from a credit card's magnetic stripe depends on the card, and can include the credit card number, user's name, expiration date, billing address, and rewards account numbers. "Costco discloses card-skimmer incident. Contract lawyers and workplace surveillance. Cyprus fines Wispear for surveillance van case." thecyberwire.com (Nov. 15, 2021).