Credential theft

Schnucks Markets POS Malware Breach: 2.4 Million Cards

2012-12-01 | POS RAM-scraping malware

Incident Details

Schnucks, a regional Midwestern grocery chain headquartered in St. Louis, Missouri, with approximately 100 store locations, disclosed in March 2013 that it had suffered a payment card breach at its stores. The breach involved POS malware that scraped payment card track data from checkout terminals. The malware operated from approximately December 2012 until it was removed on March 29, 2013, affecting approximately 69 Schnucks store locations. Approximately 2.4 million unique payment card numbers were exposed.

Schnucks became aware of potential fraudulent activity when card-issuing banks began noticing a pattern of fraud on cards that had all been recently used at Schnucks locations. The company engaged Mandiant for forensic investigation. Schnucks faced significant customer backlash and class-action lawsuits, particularly because the company kept operating stores and accepting card payments for several weeks between discovering the breach internally and disclosing it publicly. The company ultimately settled the class actions.

The Schnucks breach was part of the early wave of sophisticated POS malware attacks on grocery and supermarket chains that would intensify through 2013-2014. It demonstrated that POS malware was not limited to large national retailers but could successfully target regional grocery chains, and that attackers could maintain persistent access for months before detection.

Technical Details

Initial Attack Vector
POS malware: attackers installed RAM-scraping malware on Schnucks' point-of-sale systems at multiple grocery store locations, capturing payment card track data during checkout transactions
Malware Family
POS RAM-scraping malware

Timeline

  1. 2012-12-01 Breach occurred
  2. 2013-03-30 Publicly disclosed
  3. 2013-03-30 Customers notified