Hancock Fabrics today confirmed what had been reported in the media back in October and November of 2009: customers in a number of states had their debit and credit card data stolen by skimmers in some of the stores. The data theft occurred during the period of August-September, 2009, but reports of fraud did not appear in the media until October.
In a press release issued today, Hancock Fabrics said:
While the number of potentially affected stores involved in this situation is limited, the data accessed may have included customer information such as the name printed on a customer’s payment card, the card number, the card expiration date, and/or a PIN number when one was entered in a PIN debit transaction. It is important to note however that this theft does not involve customers’ social security numbers.
The company did not reveal the location or number of stores in which the compromised scanners were located, nor the number of customers who had reported fraudulent charges on their cards after using the cards at the stores, but as of November, there were at least 140 reports from victims in California, Wisconsin and Missouri. The company has posted an open letter to customers on its web site.
In March 2009, Hancock Fabrics was involved in another data breach when employee payroll records for their Huntsville, Alabama store were found unshredded in the trash behind the business. The payroll records, which went back to 2005, contained social security numbers, pay rates, and first and last names.