A chain of liquor stores based in Houston, Texas may have leaked as many as 550,000 sets of customer bank and card records after some of its systems were compromised.
Data lost includes most things an identity thief might want, ranging from payment card numbers, expiry dates and security codes to dates of birth and driver's license numbers in some cases. As in the case of the Neiman Marcus breach, the leak was uncovered from the outside, with banks and credit card companies spotting something was amiss before the store operators themselves were aware. This led to some customers learning of the problem from their banks some time before the public disclosure of the issue by Spec's, which was issued on 28 March.
Their statement does not specify when they first learned of the breach, but asserts that it was finally fully cleaned up by 20 March. With the initial penetration thought to have occurred on 31 October 2012, that's almost 17 months during which some or all of the 34 stores involved were infected.
For those worried their data may have been leaked, Spec's provides a full list of the stores involved, and offers the usual credit monitoring services, in their statement.
Spec's, a family-run chain which is apparently the fifth largest wine seller in the US, operates over 165 stores, of which 34 are thought to have been affected by the breach.