Notice of Data Security Incident

 

Brookshire Grocery Company (“Brookshire”) is notifying impacted individuals of a data security incident that may have affected their personal information. Brookshire owns and operates grocery stores in the state of Texas. Your personal information may have been impacted if you made a purchase from a Brookshire’s retail locations in Weatherford or Midlothian, Texas between September 1 and September 28, 2024; Forney, Texas between September 1 and September 29, 2024; Bridgeport or Joshua, Texas between September 1 and September 30, 2024; or Red Oak, Texas between August 27 and September 30, 2024. Brookshire takes the privacy and security of the information in its control seriously and sincerely apologizes for any concern this may cause.

 

What Happened?

 

Brookshire discovered unauthorized devices installed on registers at its Brookshire’s retail locations in Weatherford, TX, store number 119, located at 601 West Palo Pinto; Midlothian, TX, store number 69, located at 1400 E Main St.; Forney, TX, store number 89, located at 427 Pinson Rd.; Joshua, TX, store number 133, located at 1001 Joshua Station Blvd.; Red Oak, TX, store number 108, located at 105 E Ovilla Rd.; and Bridgeport, TX, store number 5, located at 1203 Hwy 380. Upon this discovery Brookshire removed the devices, implemented its incident response protocols, began an internal investigation, and contacted law enforcement. The investigation found that the unauthorized devices were payment card skimmers capable of reading and obtaining personal information contained on customer payment cards used to make purchases. It was also determined that the devices were potentially in place on impacted registers between September 1 and September 28, 2024, at the Weatherford and Midlothian locations, between September 1 and September 29, 2024 at the Forney location, between September 1 and September 30, 2024 at the Bridgeport and Joshua locations, and between August 27 and September 30, 2024 at the Red Oak location. The investigation further found that the devices were only capable of capturing information from transactions where cards were swiped (as opposed to transactions where cards used one touch or “tap” technology or were inserted into card readers to use chip technology). The investigation was unable to determine if any personal information was actually compromised—only that there was the capability for compromise. Potentially impacted information would include names, credit or debit card numbers, card expiration dates, and security codes.

 

Brookshire continually monitors its registers in an attempt to prevent similar incidents from happening and is in the process of implementing new technology designed to prevent these types of incidents in the future. We are also offering credit monitoring and identity protection services from CyberScout to impacted individuals at no cost.

 

Impacted individuals should remain vigilant for incidents of identity theft or fraud by reviewing bank accounts and other financial statements, as well as credit reports, for suspicious activity. Incidents of suspected identity theft should be reported to law enforcement or the attorney general. We also encourage individuals to contact CyberScout with any questions and to take full advantage of the CyberScout service offering.

 

For more information

 

Please call 1-800-405-6108 Monday through Friday from 8 am - 8 pm Eastern Time. We take very seriously the need to protect the privacy and security of all information in our respective care, and deeply regret any inconvenience or concern that this matter may cause.