We don't just cover the North Bay. We live here.
Did You Know? In the first 10 days of the North Bay fire, nearly 1.5 million people used their mobile devices to visit our sites.
Already a subscriber?
Wow! You read a lot!
Reading enhances confidence, empathy, decision-making, and overall life satisfaction. Keep it up! Subscribe.
Already a subscriber?
Oops, you're out of free articles.
Until next month, you can always look over someone's shoulder at the coffee shop.
Already a subscriber?
We don't just cover the North Bay. We live here.
Did You Know? In the first 10 days of the North Bay fire, we posted 390 stories about the fire. And they were shared nearly 137,000 times.
Already a subscriber?
Supporting the community that supports us.
Obviously you value quality local journalism. Thank you.
Already a subscriber?
Oops, you're out of free articles.
We miss you already! (Subscriptions start at just 99 cents.)
Already a subscriber?

Redwood Credit Union is reissuing 18,400 debit cards for customers whose financial information may have been stolen in what was described Thursday as a sophisticated cyber attack targeting the Raley's supermarket chain.

The number of potential victims is likely much greater than that reported Thursday by Santa Rosa-based Redwood, which is among several financial institutions that have customers who shop at Raley's, Bel Air and Nob Hill stores. The company operates 115 stores in California and 13 in Northern Nevada.

Anne Benjamin, Redwood's chief operating officer, said Thursday she could not recall another instance in which so many of the credit union's customers potentially have been affected by a cyber attack targeting a retailer.

She said such cases "happen a lot, and it happens to all financial institutions."

She said as of Thursday, Redwood had confirmed 200 "fraud-related cases from the Raley's stores."

One was from Petaluma resident Stan Culler, who was shocked to discover Thursday morning that someone had withdrawn $500 from his Redwood account the night before from an ATM in Las Vegas.

Culler said his wife shopped at a Raley's on North McDowell Boulevard in Petaluma only once this year, using the self-checkout line. The couple normally go to Lucky.

"That's like the worst lottery to hit ever," he said.

The scam potentially dwarfs a 2011 case involving 140 Petaluma residents and more than 500 victims across the Bay Area whose financial information was stolen after they shopped at a Lucky store. The thieves slipped a card-reading device inside the self-checkout terminals at 24 of the chain's Northern California stores to collect data and transmit it over wireless networks.

However, a Raley's spokeswoman on Thursday said the West Sacramento-based supermarket chain had yet to confirm any cases of unauthorized access to customer card data.

That's after the company on June 6 broadcast a public alert that criminals may have been able to obtain customer payment card data, such as card numbers, expiration dates or magnetic stripe data, in what the supermarket chain described as a "complex, criminal cyber attack."

"We do not have any evidence at any point or time that this was a successful infiltration," company spokeswoman Nicole Townsend said Thursday. "However, we have signs that there was an attack."

Benjamin, with Redwood, called Townsend's statement "interesting."

"That's kind of counter to what their press release was to the whole situation," Benjamin said.

She said Visa notified Redwood on about June 7 that several thousand accounts held by the credit union could have been affected by the Raley's cyber attack. The accounts represented customers who had shopped at one of Raley's stores during the period of time when the suspected breach occurred.

Benjamin said the credit union began monitoring those accounts for suspicious activity and sent alerts to customers warning them of the potential security breach. She said Redwood also began the process of issuing new debit cards to 18,400 customers but did not immediately close those accounts.

"You don't just want to cut people's cards off because they need them. They're never going to take a loss on any of those cards," she said.

The online message Culler received from Redwood two weeks ago said his account would be closed July 30, or immediately, if Redwood spotted "an increase in fraud issues related to this incident." In the meantime, the credit union was sending him a new debit card.

How to help

A GoFundMe account has been set up to help the Markus family. To donate, go here.

It's not for certain that whoever accessed his account Wednesday night in Las Vegas did so using information gleaned from the time his wife shopped at Raley's. But Culler said a Redwood official informed him when he stopped in at the Petaluma branch Thursday that he was the fifth person that morning to report being a victim of fraud.

Culler said the credit union refunded the $500 taken from him and issued him a new debit card on the spot.

"Whatever system they have in place to deal with scumbag events, it's working pretty damn well," he said.

Townsend said Raley's has taken steps to address the cyber attack on its stores but she declined to be specific, saying such details could undermine those efforts.

"We're confident that customers can continue using their payment cards in our stores," she said.

You can reach Staff Writer Derek Moore at 521-5336 or derek.moore@pressdemocrat.com. On Twitter @deadlinederek.