For a few months earlier this year, the personal data of customers of the Schnucks supermarket chain was exposed to hackers whose work went undetected until after a card processing company issued an alert about fraudulent activity on a handful of credit and debit cards used at the stores.
Even after the alert was issued, it took a while to determine the cause and close the breach. In an initial probe, Schnucks quickly ruled out insider theft or faulty point-of-sale machines as causes. The St. Louis-based retailer then hired Mandiant, a cybersecurity firm, to pursue the investigation, but even Mandiant's specialists needed about two weeks to find and plug the breach, and then secure the company's systems.
Analysts say such delays in finding and closing breaches could grow more common because hackers are getting more sophisticated and the security tools needed to keep them at bay are mostly still in development.