Cybercrooks presumed to be operating from Russia hacked into the Restaurant Depot database last month and accessed the credit and debit card details of more than 100,000 customers.
In a Nov. 25 notice, Stanley Fleishman, the chief executive officer of Restaurant Depot and supermarket wholesaler Jetro Cash & Carry, informed affected customers that "unauthorized persons obtained the names of cardholders, credit or debit card numbers, card expiration dates, and verification codes that were on the magnetic stripes of credit and debit cards used at our stores from September 21 through November 18, 2011."
Online thieves employed identical tactics late last month to steal shoppers' credit card data from 20 branches of the Silicon Valley grocery store chain Lucky Supermarkets.
The Restaurant Depot incident came to light on Nov. 9, when customers reported that they'd become victims of credit card fraud. The following day, Restaurant Depot hired Trustwave, a computer forensics firm, to investigate.
Restaurant Depot's memo did not provide details about the nature of the data breach or who was behind it, but according to the technology news website Finextra, cybercriminals placed malware onto the credit and debit card processing systems used in Restaurant Depot's stores, and then harvested the stolen data and sent it to a server in Russia.
In the wake of the massive data breach, Restaurant Depot is urging affected customers to notify their credit card providers and monitor their bank statements for any evidence of fraud. The company is also warning customers who shopped at the restaurant wholesaler to be aware of phishing emails or phone calls from people asking for confidential information.