Customer Fact Sheet: Cyber Attack

Bookmark and Share

Customer Fact Sheet: Cyber Attack

What happened?
On June 6, Raley's Family of Fine Stores announced that a portion of its computer network systems may have been the target of a complex, criminal cyber attack. We initiated a thorough investigation and we notified the FBI. At this time, we have not confirmed any unauthorized access to payment card data, but our investigation remains ongoing. We continue to encourage our customers to monitor their accounts and notify their banks or credit card companies of any suspicious activity.

What has Raley's done?
Since we issued that notification, we have been intensely focused on getting answers for our customers. We continued our internal investigation. We launched a separate, independent investigation on behalf of credit card companies. We've brought in some of the best security experts and they are satisfied with the security measures we have in place. They continue to work with us to determine what happened. We have full confidence our customers can continue using their payment cards in our stores.

What kind of information may be at risk?
Our investigation is ongoing relative to payment card data. Raley's has no reason to believe that customers' debit PIN numbers could have been accessed. In fact, it is our policy that we do not store debit card PIN numbers. Raley's does not collect Social Security or drivers' license numbers in association with payment card transactions. Robust security measures specific to PIN number entry have been, and remain, firmly in place.

Is my pharmacy information at risk?
We have no reason to believe any information connected with pharmacy orders may have been targeted or removed.

Is my Something Extra card information at risk?
We have no reason to believe the information our customers shared to participate in our rewards program may have been targeted or removed.

How many customers may have been affected?
Our investigation remains ongoing.

How many customers have you heard from?
Since the June 6 notification, our response team has fielded approximately three thousand calls from customers who have contacted Raley's with questions or concerns relating to the notification, or simply to thank us for letting them know they should be on alert. Some customers have told us they have been contacted by their banks and some customers have said they have noticed unusual activity on their accounts. While we encourage our customers to continue to work with their banks to determine the cause and address these incidents appropriately, we still have not discovered any evidence of unauthorized removal of information from Raley's payment card system. Our response team remains available for our customers.

Is it safe for customers to use their credit or debit cards at Raley's?
We have full confidence that our customers can continue using their payment cards in our stores.

When did this happen and how did you find out?
We learned from a major credit card company there was some questionable activity. We immediately launched a full investigation. At this point, all of the evidence that something may have happened remains circumstantial. We are continuing to look into this further, as well as continuing to assist outside investigations. We are continuing to listen to our customers, and continuing to work with our card processors to monitor for suspicious activity.

Who is responsible?
We do not know yet. We have reached out to the FBI and we are continuing with our investigations to find out who is responsible for this attack.

What can customers do?
We encourage our customers who may have used payment cards in our stores to take the following steps to protect their accounts:
  • Check and monitor your bank and credit card statements for any evidence of unauthorized transactions; and
  • Contact your bank or credit company immediately if you identify suspicious charges.

Will I be charged for unauthorized charges on my card?
Cardholders are typically not held responsible for fraudulent charges made by unauthorized parties if reported promptly to the card issuer.

Is Raley's Payment Card Industry (PCI) compliant?
Raley's has committed substantial resources to protecting customer payment card data. Earlier this year, a qualified security assessor conducted an assessment of Raley's security measures regarding payment card data and validated Raley's compliance with the Payment Card Industry (PCI) Data Security Standards.

Am I at risk for identity theft because of this attack?
We do not believe any sensitive information such as debit PIN numbers were accessed and we do not collect Social Security numbers or drivers' license numbers in association with payment card transactions. Our customers should not be at risk of identity theft due to this criminal attack. Identify theft occurs when someone illegally assumes the identity of another person often by using someone else's name and their Social Security number or other sensitive information which then is used to assume control over a victims' credit cards or bank accounts.

Do I need to contact law enforcement?
No. Raley's is working with card issuers and has reached out to the FBI. You should monitor your bank and credit card statements closely and report any suspicious transactions to your card issuer who will handle it from that point.

Will Raley's ever call me and ask for financial information?
Raley's will never call, email or text you to obtain personal information such as social security number or credit card numbers.

What is Raley's doing for its customers?
Protecting our customers' privacy is a top priority and our company sincerely regrets any inconvenience that this apparent attack on our network may have caused. We have established a dedicated response team to answer customers' questions that is available extended hours seven days a week from 7 a.m. to 9 p.m. by telephone toll-free at 1-800-925-9989.