ST. LOUIS (AP) - A civil lawsuit has been filed against suburban St. Louis-based grocery store chain Schnucks, claiming it didn't warn customers about a data security breach that led to fraudulent charges on customers' credit cards.
Lead plaintiff Michael Bannister said in the lawsuit that Schnucks learned of the data breach on or about March 15, but informed the public with a press release on March 30. The lawsuit, which was filed Monday in St. Louis Circuit Court, seeks class-action status.
Schnucks said last month it was the victim of hackers who gained access to credit card and debit card information of customers. The company says it's contained the breach, but advises customers to continue monitoring their accounts for fraudulent charges.
The lawsuit accuses Schnucks of violating a Missouri law that requires a company with access to personal and financial information to disclose that a breach of information has occurred.
But Schnucks spokeswoman Lori Willis said that because only financial information was compromised, the rules of notification did not apply. She said the hackers lifted information from the digitally formatted magnetic stripes on the back of cards, which don't contain names.
Willis also said that although Schnucks was aware of some compromised cards on March 15, it was not until March 19 that it hired an investigator, Virginia-based Mandiant, to look into the breach.
"Telling us there's a problem with a few cards and confirming a security breach are different things," Willis said.
Geoff Meyerkord, the lawyer who filed the lawsuit, told The St. Louis Post-Dispatch (http://bit.ly/ZbBX1h) he's awaiting Schnucks' response.
"As the action progresses, more information will likely become available and additional comment will be given at that time," he said.
Information from: St. Louis Post-Dispatch, http://www.stltoday.com