ST. LOUIS (CN) - A class action claims the St. Louis-based grocery chain Schnuck Markets waited for 15 days to warn customers that their financial information had been jeopardized by hackers.
Lead plaintiff Michael Bannister sued Schnuck Markets in City Court.
"On or about March 15, 2013, Schnucks detected that its computer systems had been compromised by one or more individuals, which allowed these individuals to steal plaintiff's and class members PII [personal identifying information] - including their credit card information, debit card information, and debit card PIN numbers - when plaintiff and class members used their credit and debit cards to make purchases from Schnucks (the 'data breach')," the complaint states.
"Schnucks' security failures enabled hackers to steal plaintiff's and class members' PII from within Schnucks' computer systems and subsequently make unauthorized purchases on customers' credit cards and otherwise put plaintiff's and class members; financial information at serious and ongoing risk. The hackers continue to use the information they obtained as a result of Schnucks' inadequate security to exploit and injure plaintiff and class members."
Bannister claims Schnucks failed to comply with computer security industry standards. And, he says, "Despite first learning of the data breach on or about March 15, 2013, Schnucks did not inform the public of the data breach until March 30, 2013 - two weeks later - via the issuance of a press release."
Bannister claims customers were not given individual notice of the breach; many found out about it by finding discrepancies on their bank statements.
He claims that Schnucks failed to admit that its own actions contributed to the breach.
"Rather than take responsibility for its security failures that resulted in the data breach, Schnucks has placed the burden on aggrieved customers like plaintiff and the other members of the class, either to self-monitor their accounts and credit reports for years to come, or to spend time and money on fraud alerts or credit-report security freezes," the complaint states.
"At no time has Schnucks offered credit monitoring or identity theft protection assistance to plaintiff or to other members of the class, nor has Schnucks taken any affirmative steps to make plaintiff and class members whole for the damages arising out of Schnucks' conduct."
The class consists of all Missourians who used their credit or debit card at Schnucks while its computer system was compromised.
Bannister seeks actual and punitive damages for breach of implied contract, violations of the Missouri Merchandising Practices Act, invasion of privacy by public disclosure of private facts. He also wants Schnucks ordered to send customers notice of the data breach and ordered to post a notice of the breach in all of its stores.
He is represented by Geoffrey Meyerkord with Meyerkord & Meyerkord.