DAMARISCOTTA, Maine — A rash of recent regional fraudulent activity has been traced back to a data breach of the credit card system of a Damariscotta grocery store.
Yellowfront Grocery co-owner Jeff Pierce said he was informed Oct. 19 that the store’s credit and debit card processing system had been compromised.
“You don’t think of things like this happening in small-town Maine, but it unfortunately does,” Pierce said. “As the local grocery store, it’s not a good feeling to have this happen to your customers.”
Pierce said he believed the hackers were able to access customers’ card data through the login system of Yellowfront’s point-of-sale software provider, CStars of Maine. According to a report by WCSH6, a business in Calais and its customers are dealing with a hack of similar nature.
Pierce said he believed the hackers were able to get into his system over the internet.
Since the breach, Pierce said CStars has updated Yellowfront’s firewalls and inspected the card equipment. Pierce also said the U.S. Secret Service has been working with CStars to increase security measures.
Yellowfront posted an update on its Facebook page Oct. 23 alerting customers to the breach and asking those who used a debit or credit card from Aug. 11 to Oct. 16 to check their accounts for suspicious activity.
“For the most part, everyone has been really understanding,” Pierce said. “We met all the requirements and our systems were certified. There was nothing else we could have done.”
In the past few weeks, Damariscotta Bank & Trust President and CEO Scott Conant said the bank has seen a decrease in fraudulent activity in the area.
“All the area banks that had customers impacted responded immediately, so we believe they have moved on,” Conant said.
Conant believes the hack was “one last push” by hackers to get credit and debit card information before the arrival of chip cards. In addition to the magnetic strips traditional credit and debit cards have, chip cards also have a computer chip that will make it harder for hackers to steal personal information.
“Right now, all hackers need to take is the number of the magnetic strip in order to take someone’s information,” Conant said. “There’s tech in the chip card that changes every time you use it. If someone were to try and duplicate the card based on that transaction, it wouldn’t work because the data on the card changes.”