Up to 2.4 million credit cards may have been compromised after St. Louis grocery chain Schnucks was targeted with malware, the chain revealed this week. The attack had been reported before, but the store only revealed its full extent this week.

The fraud may have lasted up to three months, and potentially affects customers who used cards in Champaign, Urbana and Savoy, the chain said in a statement. Customers have reported fraudulent charges to cards used at the store, some totalling thousands of dollars.

The company warned that although the problem itself has been contained, customers could face further fraud. "Groups who steal credit cards from merchants will often wait and then sell the stolen credit cards in batches over time," Schnucks said in its statement.

The company says that the problem has now been “found and contained”. Chairman and CEO Scott Schnuck said in the statement, "Over the years, technology has helped us deliver superior customer service, but it also introduces risks that we have actively worked to manage through compliance audits, encryption technology and various other security measures."

A previous ESET analysis of some of the issues surrounding large-scale credit card fraud can be found here.