Supervalu becomes latest to suffer data breach (Update)

Aug 15, 2014 by Michelle Chapman
In this Jan. 9, 2012 file photo, customers exit a Shop' Save grocery store in Mount Lebanon, Pa. Supervalu said Friday, Aug. 15, 2014, that a potential data breach may have impacted about 200 of its stores and reached stores it sold off last year. The announcement is just the latest disclosure by a business that its systems have been intruded, with P.F. Chang's, Target and others among those recently revealing breaches. Within the grocery sector, chains such as Yoke's Fresh Market and Super 1 Foods were hit by a data breach between September and November 2013. (AP Photo/Gene J. Puskar, File)

A data breach at Supervalu may have impacted as many as 200 of its grocery and liquor stores and potentially affected retail chains recently sold by the company in two dozen states.

The announcement lengthens the list of retailers that have had security walls breached in recent months, including Target, P.F. Chang's and even the thrift store operations of Goodwill Industries International Inc.

Hackers accessed a network that processes Supervalu transactions, with account numbers, expiration dates, card holder names and other information possibly stolen, the company said. Those systems are still being used by the stores sold off by Supervalu last year for $3.3 billion, potentially opening up customer data at those stores as well.

The breach occurred between June 22 and July 17, according to Supervalu, which said it took immediate steps to secure that portion of its network.

The cards from which data may have been stolen were used at 180 Supervalu stores and liquor stores run under the Cub Foods, Farm Fresh, Hornbacher's, Shop 'n Save and Shoppers Food & Pharmacy names. Data may also have been stolen from 29 franchised Cub Foods stores and liquor stores. Those stores in North Dakota, Minnesota, Illinois, Virginia, North Carolina, Maryland and Missouri.

But Supervalu said that a related criminal intrusion occurred at the chain stores it sold to Cerebus Capital Management LP in March 2013, stores that Supervalu continues to supply with information technology services.

Those stores include Albertsons, Acme, Jewel-Osco, Shaw's and Star Market—and related Osco and Sav-on in-store pharmacies in two dozen states.

Cerebus affiliate AB Acquisition said that it's working closely with Supervalu to evaluate the scope of the potential breach.

Supervalu has yet to determine if any cardholder data was actually stolen and said Friday that there's no evidence of any customer data being misused. Information about the breach was released out of "an abundance of caution," the company said.

The company believes that the intrusion has been contained and it said it is confident that people can safely use credit and debit cards at its stores.

Supervalu and AB Acquisitions are offering customers whose cards may have been affected a year of consumer identity protection services via AllClear ID.

Supervalu has also created a call center to help answer customer questions about the data breach and the identity protection services being offered. The call center can be reached at (855) 731-6018. Customers may also visit Supervalu's website under the Consumer Security Advisory section to get more information about the data breach and the identity protection services.

There are efforts underway to make credit and debit cards more secure following a rash of security breaches in recent months.

Target Corp. said this month that expenses tied to a breach leading up to last year's holiday shopping season could reach as high as $148 million. The incident led to a major shakeup at the company and CEO Gregg Steinhafel resigned.

Restaurant operator P.F. Chang's confirmed in June that data from credit and debit cards used at its restaurants was stolen. There have been smaller breaches at Neiman Marcus and Michaels Stores Inc.

Shares of Supervalu shed 33 cents to $9.26 in afternoon trading.

Explore further: Goodwill, feds investigate possible data breach

not rated yet
add to favorites email to friend print save as pdf

Related Stories

Target offers credit monitoring after data breach

Jan 24, 2014

Target Corp. is offering some of its Canadian customers a year of free credit monitoring after a massive security breach at its U.S. stores put confidential details into the hands of thieves.

Recommended for you

Sites stumble on to malware path with plugin exploit

23 hours ago

The numbers were not pretty. Over 100,000 WordPress websites may have been infected with malware, once again proving that where there is widespread popularity, whether in operating systems or platforms or ...

Norway probes spy equipment found in central Oslo

Dec 15, 2014

Norwegian police said Sunday they have warned politicians about possible eavesdropping of cellphone calls after several listening devices were reportedly found in central Oslo, including near government buildings and Parliament.

Identity theft victims face months of hassle

Dec 14, 2014

As soon as Mark Kim found out his personal information was compromised in a data breach at Target last year, the 36-year-old tech worker signed up for the retailer's free credit monitoring offer so he would ...

Your info has been hacked. Now what do you do?

Dec 14, 2014

Criminals stole personal information from tens of millions of Americans in data breaches this past year. Of those affected, one in three may become victims of identity theft, according to research firm Javelin. ...

New Bond script stolen in Sony hack

Dec 14, 2014

An "early version" of the screenplay for the new James Bond film was the latest victim of a massive hacking attack on Sony Pictures Entertainment, its producers said in a statement on their website Sunday.

User comments : 0

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.