The class-action lawsuits against Schnucks allege that the company was negligent in its handling of a massive security breach that potentially compromised millions of credit and debit cards. Customers seeking damages across Missouri and Illinois argue that the company had an obligation to tell patrons sooner than it did.
The Missouri Attorney General's office, however, has a different take on the breach: Schnucks is a victim, too.
"After reviewing the records and speaking with forensic investigators, we did not find that Schnuck Markets violated Missouri laws regarding data security," Nanci Gonder, spokeswoman for the attorney general, tells Daily RFT in an e-mail. "We are of the opinion that Schnuck Markets was itself a victim of criminal wrongdoing which remains under investigation by authorities."
See also: - Schnucks: Credit Card Security Breach May Have Impacted 2.4 Million People - Schnucks' Biggest Fans: St. Louis Couple Gets Married At Des Peres Supermarket - Schnucks Lawsuit: Could Company Owe Millions of Dollars To Affected Customers?
As we reported back in April, Schnucks announced that a "cyber attack" between December of 2012 and March 29 of this year impacted a majority of the chain's 100 supermarkets and that shoppers during that timeframe who used credit or debit cards should monitor their accounts or consider getting new cards.
The company is now facing multiple class-action lawsuits from attorneys making a range of allegations of wrongdoing on behalf of the company.
But from the perspective of the Attorney General's office, Schnucks did not do anything illegal -- a statement which will likely be useful to the company as it continues to argue in court that it should not be held responsible.
Gonder explains to Daily RFT that the attorney general's investigation was conducted over several months:
Investigators from the Attorney General's Office kept in contact with officials from Schnuck Markets for several months as information was gathered. As required by their agreements with credit card companies, Schnucks commissioned an independent forensic investigation firm to thoroughly examine their network, identify the source and cause of the breach, and submit a detailed report of their findings. Our investigators, in conjunction with investigators from the Illinois Attorney General's Office, interviewed the independent analyst who examined the breach and reviewed the thorough report the analyst prepared.
One of the suits brought on behalf of an Illinois woman alleges violations of the Illinois Consumer Fraud Act as well as the Illinois Personal Information Act.
Schnucks has argued that the suits are without merit and that it informed customers as soon as it possibly could of the breach.
Attorney Jeff Millar, leading one of the Illinois suits, tells Daily RFT that new shoppers are frequently joining the class-action suit and are frustrated with the public apologies from the company.
"Customers are not happy," he says. "They've had to change all their cards.... They want to see...some remedial measures taken by Schnucks."
Asked about the latest developments in the litigation earlier this week, a Schnucks spokeswoman deferred to the company's past comments on the breach.
Send feedback and tips to the author. Follow Sam Levin on Twitter at @SamTLevin.