News Feature | October 3, 2014

On The Heels of First Security Breach, SuperValu Announces New Data Breach

Source: Innovative Retail Technologies

By Brianna Ahearn, contributing writer

On August 14, SuperValu announced they had experienced a data security breach in June and July. Now the company is announcing it observed a second security breach into the payment system it uses for its customers. The Wall Street Journal reported the news on September 29, sharing that the company had recently uncovered malicious software on its payment system . The same day, SuperValu posted a press release on its website to warn consumers.

The newest data breach is believed by the company to have occurred in late August or early September of this year. According to the company's statement, SuperValu believes an intruder “installed different malware into the portion of its computer network that processes payment card transactions.” The threat affected shoppers at Supervalu Inc's Shop n' Save, Shoppers Food and Pharmacy, Cub Foods, and associated stand-alone liquor stores. It's SuperValu's belief that the incident is separate from the breach previously reported in August. In response to the August data intrusion, SuperValu enchanced its security systems, but the new threat is still a concern. The press release reports “the Company took immediate steps to secure the affected part of its network and believes it has eradicated the malware.” SuperValu is currently investigating the breach.

SuperValu isn't alone in the battle to protect consumer payment data. Sandwich shop retailer Jimmy John's recently reported a possible security threat as well at approximately 216 locations. In that threat, an intruder stole a log-in from Jimmy John's POS vendor and used it to remote access POS systems throughout the Jimmy John's franchised and owned stores. SuperValu is assuring consumers their enhanced technology “significantly limited” the malware from capturing payment card data, and that it didn't succeed in getting a wide amount of data. The company did state, however, that data was potentially captured at checkout lanes in four franchised Cub Foods stores located in Minnesota; these stores hadn't received the enhanced security yet. The data believed captured included account numbers, and possibly expiration dates, cardholders, and other information. SuperValu stressed that they've made no determination at this time that the data was indeed stolen.

In an effort to protect consumers, SuperValu announced the company would provide customers who used payment cards in Hastings, Shakopee, Roseville or White Bear Lake, Minnesota, 12 months of complimentary consumer protection from AllClearID. Additionally, the company has a call center available to respond to consumer concern about the instruction, with information on how to contact SuperValu available on their website. SuperValu has about $17 billion in sales anually, and owns multiple grocery store chains, and is the IT supplier for Albertson's LLC, Acme Markets, Jewel-Osco, Shaw's and Star Markets. It's unclear at this time if the security breach affected any other stores with IT by SuperValu, except for the four Cub Foods locations.