PHOENIX - If you shop at Bashas', Food City, or AJ's, you're urged to check your debit and credit card transactions for unusual activity.
The Bashas' family of stores is "strongly encouraging" all of its customers to closely monitor their debit and credit card statements after a recent cyber attack.
A Bashas' spokeswoman said some criminals gained access to parts of their systems to get payment information.
Customers who have called in about these incidents have been in Pinal County, Maricopa County, and the Lake Havasu area, she said. They're still encouraging all customers to be on alert.
The Pinal County Sheriff's Office said as of Tuesday morning, they have received more than 400 reported cases of unusual activity.
The calls started coming in on Jan. 18, PCSO spokesman Tim Gaffney said.
The thieves are using the stolen credit card numbers in seven other states and four other countries, according to PSCO.
The Maricopa County Sheriff's Office told ABC15 that 11 people in Fountain Hills are also victims and that Sheriff Joe Arpaio himself, might be the 12th victim.
His credit card numbers were used by someone in the Chicago-area over the weekend. MCSO is checking to see if his credit card is connected to the Bashas' cyber attack.
In a statement to ABC15, Bashas' said a highly-sophisticated piece of malware was found and removed.
They're working with forensic specialists and federal law enforcement officials to find out who is responsible, Bashas' said.
Next page: Bashas' statement to customers
Bashas' statement to customers:
To Our Valued Customers
We were recently the victim of a cyber attack by highly sophisticated criminals who gained access to parts of our systems to capture payment information. We are cooperating with federal law enforcement officials to undergo a thorough and exhaustive investigation.
Bashas' is and has been compliant with all Payment Card Industry (PCI) security requirements. However, we recently located and removed a highly-sophisticated piece of malware that has never been seen before in the industry. The malware has been identified and contained, and we are working with forensic specialists and federal law enforcement officials in their investigation to find those responsible.
We've also installed additional security measures (beyond what is required by the industry) to our point of sale and enterprise systems to further protect our customers' information from such attacks in the future.
We have fielded some calls about this issue from customers in limited geographic locations. However, we strongly encourage all of our customers to closely monitor their debit and credit card transactions and to report any unusual activity.
We sincerely apologize for any inconvenience this may cause. If you have any additional questions, please contact our Customer Service Department at 480-883-6131.