Rutter's data breach: Company says watch your accounts for this

Ron Musselman
York Dispatch
Rutters on North Hills Road in Springettsbury Township, Friday, Feb. 14, 2020. Dawn J. Sagert photo

Rutter’s said there is some protection for customers whose credit or debit cards might have been involved in the company’s recent data breach.

The issue, which the Manchester Township-based convenience store chain revealed on Thursday, affected more than 35 of its York County stores and 70 overall in Pennsylvania.

“Payment card network rules generally state that cardholders are not responsible for fraudulent charges that are reported in a timely manner,” Rutter’s spokeswoman Sue-Lee Miller said in an email Friday. “The phone number to call is usually on the back of your payment card.

“It’s always advisable to be vigilant for incidents of fraud by reviewing your account statements for any unauthorized activity. Customers should immediately report any unauthorized changes or charges to the financial institution that issued your card."

More:Police: SUV crashes into Taco Bell in Manchester Twp., DUI suspected

More:Police: DUI may have been factor in eight-vehicle pileup on Route 30

Rutter’s has set up a link on its website,,  where customers can search for the specific time frames and locations when credit card information could have been stolen.

The company also set up a hotline for customers with additional questions. The number is 888-271-9728, and the service hours are 9 a.m to 9 p.m., Monday through Friday.

Customers also can order a free annual credit report from each of the three nationwide credit reporting companies, contact the Federal Trade Commission at 1-877-IDTHEFT or file a complaint with the state Attorney General's Office.

The time frame: Most people impacted by Rutter’s breach shopped at one of their locations between Oct. 1, 2018, and May 29, 2019, although there was a case as far back as Aug. 30, 2018, the company said.

The data breach may have compromised credit cardholders' names, card numbers, expiration dates and internal verification codes, the company said. 

For those using chip-enabled credit cards, only card numbers and expiration dates were vulnerable.

Payment card transactions at Rutter’s car washes, ATMs and lottery machines in Rutter’s stores were not involved, Rutter’s officials said.

The company said it does not believe any other customer information is compromised and confirmed the data breach is not a result of skimmers on fuel pumps.

“If a credit card has been compromised, you will likely hear from the bank or card-issuer first,” the Better Business Bureau said on its website  

The organization, whose self-described mission is to focus on advancing marketplace trust, urges customers to monitor all transactions and statements closely and keep receipts in case you need to prove which charges you authorized.

Customers also can request a new debit or credit card or put a security block on their account, the organization said.

On Jan. 14. Rutter’s said it received evidence “an unauthorized actor may have accessed payment card data from cards used on point-of-sale devices at some fuel pumps and inside some of our convenience stores through malware installed on the payment processing systems.”

The company said it began an investigation along with assistance from cybersecurity firms and also notified law enforcement officials.

Rutter’s said the malware has been removed and “enhanced security measures” have been implemented.

“We regret this incident occurred and sincerely apologize for any inconvenience,” the company said. “Our family has been in business for over 273 years in central Pennsylvania, and we sincerely appreciate all of our loyal customers through the decades."

For a complete list of the York County locations and 70 Pennsylvania stores on the list, go to

— Ron Musselman can be reached at or via Twitter at @ronmusselman8.