Grocery pickup accounts hacked – KPRC 2 Investigates

Grocery pickup accounts hacked – KPRC 2 Investigates

 

Kroger’s e-Commerce Team recently investigated a case of customer information being stolen but found no evidence of a Kroger data breach. Kroger notifies customers of their designated pick-up time via email and advises customers to keep their email addresses up to date. Here are a few notable comments:

  • The safety and security of our associates and customers are our top priority.
  • After an internal investigation, The Kroger e-Commerce Team did not find a Kroger data breach and we cannot speculate how the customer’s personal information was stolen.
  • We send emails to all customers informing them of their designated pick-up time. Please be sure your email address is up to date because we will always notify you if and when an order has been placed and your designated pick-up date and time.

KPRC 2 Investigates: Grocery Pickup Accounts Hacked

HOUSTON – Ordering products and groceries online and picking them up at the store has become extremely popular since the start of the pandemic. But it’s not just busy families using the service. KPRC 2 Investigates has discovered thieves taking advantage too. We are looking into what you need to know to make sure you’re not paying for someone else’s groceries.

Saving credit card info to store accounts makes you a target. With some retailers, you can save your credit card information in the app or on the website to make your check-out that much faster. But you’re also making it easier for thieves to check out and stock up. Busy mom Sherina Welch routinely orders groceries on her Kroger app. She lets employees do the shopping and then picks up her order when it’s ready.

“I’ve been using them for gosh, probably as long as they’ve been out,” said Welch. “I’ve never had a problem.”Grocery Pickup Accounts Hacked - Suspect Crystal Murillo

That changed on May 11 when Welch got a notification thanking her for her Kroger order. The only problem – was she didn’t place an order. The Kroger receipt said the order would be ready for pick-up between 3 and 4 at a Kroger in Katy. Welch lives some 40 miles away in Conroe. So, she checked her account.

“Sure enough, there was an order. It was under my name, but a different phone number,” she said.

The order was $247 worth of non-perishable groceries and other items like cleaning supplies. Welch called Kroger and then the law enforcement. Harris County Precinct 5 Constables went undercover as Kroger employees to deliver the fraudulent order.

“As they were there delivering the groceries, they were able to ask her questions. ‘We need to see some identification to confirm that you’re the right person picking up this order,’” said Chief Brian Harris with Harris County Precinct 5 Constable’s Office.

Suspected grocery order thief part of a larger network

Deputy Constables identified 34-year-old Crystal Murillo when she tried to pick up the stolen groceries. She was arrested and charged with credit card abuse, but Chief Harris said she’s not working alone.

“It’s like a pyramid scheme,” Harris explained. Someone else was accessing the Kroger accounts and finalizing the orders from another country. Murillo and others would make the pick-ups, keep the products and pay those higher up the chain a fraction of what the order was worth. Murillo bonded out of jail so we stopped by her home to get her side of the story. No one answered the door; but Harris said their investigation shows she was recruiting others to join the fraud and share the profits.

“The bigger fish gets a cut,” he explained. “And for them, this criminal organization, everybody wins.”Grocery Pickup Fraud Deputy Constables

Everybody but victims like Welch. Fortunately, she caught the fraud and didn’t have to pay. Chief Harris said the crime ring they’re investigating has been doing this for at least three years.

“It wasn’t just Kroger. These accounts had been set up at Walmart and Costco and other large, large supermarkets,” he explained. “Anybody who offered any kind of grocery pick-up, or product pick-up- they were involved in.”

Investigators still don’t know how the criminals are accessing the customer accounts but Kroger tells us its own “internal investigation… did not find a Kroger data breach.”

Welch said if she hadn’t seen the notifications and caught the order before it was picked up, she would have been charged. Others aren’t so lucky.

“I feel sorry for those people because if they’re working and they can’t access their email throughout the day, those are the people that are really getting victimized,” said Welch.

Police said the phone number that was used when criminals used Welch’s account to make that order was also used on several other pick-up accounts at that Katy Kroger the same day. It’s an out-of-order number with a foreign area code. You can help protect your account by removing your credit card number from the app. Also, do like Welch and set up your accounts to notify you when an order is placed.

________________________________________

Full Kroger statement regarding stranger placing an order on customer’s pickup account:

“At Kroger, the safety and security of our associates and customers is our top priority. After an internal investigation, The Kroger e-Commerce Team did not find a Kroger data breach and we will not speculate how the customer’s personal information was stolen. We want to thank our Kroger Pickup Associates for assisting local law enforcement. Our team monitors for unusual orders, and in this instance flagged the order for review. Upon learning the order was fraudulent, it was immediately canceled with no charges made toward the customer. We will continue working with the police as this is an ongoing investigation.”

Article Source: https://www.click2houston.com/news/investigates/2022/06/01/kprc-2-investigates-grocery-pickup-accounts-hacked/