/

Costco Data Breach: What & How It Happened?

Costco Data Breach: What & How It Happened?

Twingate Team

Jun 20, 2024

In November 2021, Costco Wholesale Corporation identified a security incident involving a device designed to capture payment information at one of its store locations. The company informed customers who might have been impacted, advising them of possible unauthorized access to their payment card details. The issue was found during a regular inspection, and some customers reported suspicious activity on their accounts after visiting the store.

How many accounts were compromised?

The data breach impacted over 500 customers.

What data was leaked?

The data exposed in the breach included the magnetic stripe of payment cards, containing cardholder's name, card number, card expiration date, and CVV.

How was Costco hacked?

Hackers breached Costco's security by installing a payment card skimming device on a retail store terminal. The device intercepted customer card data from the magnetic strips during transactions. Costco personnel discovered the skimmer during a routine inspection and subsequently notified law enforcement. The extent of data retrieval by the criminals remains unclear.

Costco's solution

In response to the hack, Costco took immediate action by notifying law enforcement agencies and potentially affected customers. While specific enhanced security measures remain unclear, the company advised customers to check their recent bank and credit card statements for unauthorized charges or transactions. Additionally, Costco is offering victims IDX identity theft protection services, which include 12 months of credit monitoring, a $1 million insurance reimbursement policy, and ID theft recovery services.

How do I know if I was affected?

Costco has notified customers believed to be affected by the breach. If you're a Costco customer and haven't received a notification, you may visit Have I Been Pwned to check your credentials.

What should affected users do?

In general, affected users should:

  • Change Your Passwords: Immediately update your passwords for any accounts that may have been compromised. Make sure the new passwords are strong and unique, not previously used on any other platform.

  • Reset Passwords for Other Accounts: If you've used the same or similar passwords for other online accounts, reset those as well. This is crucial as attackers often try using stolen passwords on multiple sites.

  • Enable Two-Factor Authentication (2FA): Activate 2FA on any affected accounts. Consider enabling this additional security feature on all other important online accounts to significantly reduce the risk of unauthorized access.

  • Monitor Your Accounts: Keep a close eye on your bank and credit card statements for any unauthorized charges or transactions. Report any suspicious activity to your financial institution immediately.

For more specific help and instructions related to Costco's data breach, please contact Costco's support directly.

Where can I go to learn more?

If you want to find more information on the Costco data breach, check out the following news articles:

Rapidly implement a modern Zero Trust network that is more secure and maintainable than VPNs.

/

Costco Data Breach: What & How It Happened?

Costco Data Breach: What & How It Happened?

Twingate Team

Jun 20, 2024

In November 2021, Costco Wholesale Corporation identified a security incident involving a device designed to capture payment information at one of its store locations. The company informed customers who might have been impacted, advising them of possible unauthorized access to their payment card details. The issue was found during a regular inspection, and some customers reported suspicious activity on their accounts after visiting the store.

How many accounts were compromised?

The data breach impacted over 500 customers.

What data was leaked?

The data exposed in the breach included the magnetic stripe of payment cards, containing cardholder's name, card number, card expiration date, and CVV.

How was Costco hacked?

Hackers breached Costco's security by installing a payment card skimming device on a retail store terminal. The device intercepted customer card data from the magnetic strips during transactions. Costco personnel discovered the skimmer during a routine inspection and subsequently notified law enforcement. The extent of data retrieval by the criminals remains unclear.

Costco's solution

In response to the hack, Costco took immediate action by notifying law enforcement agencies and potentially affected customers. While specific enhanced security measures remain unclear, the company advised customers to check their recent bank and credit card statements for unauthorized charges or transactions. Additionally, Costco is offering victims IDX identity theft protection services, which include 12 months of credit monitoring, a $1 million insurance reimbursement policy, and ID theft recovery services.

How do I know if I was affected?

Costco has notified customers believed to be affected by the breach. If you're a Costco customer and haven't received a notification, you may visit Have I Been Pwned to check your credentials.

What should affected users do?

In general, affected users should:

  • Change Your Passwords: Immediately update your passwords for any accounts that may have been compromised. Make sure the new passwords are strong and unique, not previously used on any other platform.

  • Reset Passwords for Other Accounts: If you've used the same or similar passwords for other online accounts, reset those as well. This is crucial as attackers often try using stolen passwords on multiple sites.

  • Enable Two-Factor Authentication (2FA): Activate 2FA on any affected accounts. Consider enabling this additional security feature on all other important online accounts to significantly reduce the risk of unauthorized access.

  • Monitor Your Accounts: Keep a close eye on your bank and credit card statements for any unauthorized charges or transactions. Report any suspicious activity to your financial institution immediately.

For more specific help and instructions related to Costco's data breach, please contact Costco's support directly.

Where can I go to learn more?

If you want to find more information on the Costco data breach, check out the following news articles:

Rapidly implement a modern Zero Trust network that is more secure and maintainable than VPNs.

Costco Data Breach: What & How It Happened?

Twingate Team

Jun 20, 2024

In November 2021, Costco Wholesale Corporation identified a security incident involving a device designed to capture payment information at one of its store locations. The company informed customers who might have been impacted, advising them of possible unauthorized access to their payment card details. The issue was found during a regular inspection, and some customers reported suspicious activity on their accounts after visiting the store.

How many accounts were compromised?

The data breach impacted over 500 customers.

What data was leaked?

The data exposed in the breach included the magnetic stripe of payment cards, containing cardholder's name, card number, card expiration date, and CVV.

How was Costco hacked?

Hackers breached Costco's security by installing a payment card skimming device on a retail store terminal. The device intercepted customer card data from the magnetic strips during transactions. Costco personnel discovered the skimmer during a routine inspection and subsequently notified law enforcement. The extent of data retrieval by the criminals remains unclear.

Costco's solution

In response to the hack, Costco took immediate action by notifying law enforcement agencies and potentially affected customers. While specific enhanced security measures remain unclear, the company advised customers to check their recent bank and credit card statements for unauthorized charges or transactions. Additionally, Costco is offering victims IDX identity theft protection services, which include 12 months of credit monitoring, a $1 million insurance reimbursement policy, and ID theft recovery services.

How do I know if I was affected?

Costco has notified customers believed to be affected by the breach. If you're a Costco customer and haven't received a notification, you may visit Have I Been Pwned to check your credentials.

What should affected users do?

In general, affected users should:

  • Change Your Passwords: Immediately update your passwords for any accounts that may have been compromised. Make sure the new passwords are strong and unique, not previously used on any other platform.

  • Reset Passwords for Other Accounts: If you've used the same or similar passwords for other online accounts, reset those as well. This is crucial as attackers often try using stolen passwords on multiple sites.

  • Enable Two-Factor Authentication (2FA): Activate 2FA on any affected accounts. Consider enabling this additional security feature on all other important online accounts to significantly reduce the risk of unauthorized access.

  • Monitor Your Accounts: Keep a close eye on your bank and credit card statements for any unauthorized charges or transactions. Report any suspicious activity to your financial institution immediately.

For more specific help and instructions related to Costco's data breach, please contact Costco's support directly.

Where can I go to learn more?

If you want to find more information on the Costco data breach, check out the following news articles: