Supervalu, Albertson’s hit by new breach

Eden Prairie, Minn. – Supervalu Inc., which reported an intrusion into the portion of its computer network that processes payment card transactions at some of its retail food stores on Aug. 14, is reporting the discovery of another breach. The company says that in what it believes to have been late August or early September 2014, an intruder installed different malware into the portion of its computer network that processes payment card transactions at some of its Shop ’n Save, Shoppers Food & Pharmacy and Cub Foods owned and franchised stores, including some of its associated stand-alone liquor stores.



Supervalu believes this is a separate attack from the one that previously occurred in June and July 2014. Upon recognition of this intrusion, the company took immediate steps to secure the affected part of its network and believes it has eradicated the malware. An investigation of this recently discovered incident is underway.



In addition, Supervalu says that enhanced protective technology significantly limited this recently discovered malware’s ability to capture data from payment cards where the malware was installed. Specifically, although the investigation is ongoing, Supervalu believes that this malware did not succeed in capturing data from any payment cards used at any stores other than at some checkout lanes at four Cub Foods franchised stores in Minnesota, where implementation of the enhanced protective technology had not yet been completed. Supervalu is offering customers who used their payment cards at those four stores during the relevant time period 12 months of complimentary consumer identity protection services through AllClear ID.



Supervalu is cooperating with law enforcement and has notified the major payment card brands involved in the breach.



“We care greatly about our customers, and the safety of their personal information will continue to be a top priority for us,” said Supervalu president and CEO Sam Duncan. “We’ve taken measures to install enhanced protective technology that we believe significantly limited the ability of this malware to capture payment card data and we will continue to make these investments going forward.”



In addition, a possibly related breach occurred at Albertson’s, Acme Markets, Jewel-Osco, Shaw’s and Star Market stores operated by New Albertson’s Inc. in late August and early September. Supervalu, which provides third-party IT services to Albertson’s, notified Albertson’s of the breach.



The new malware may have captured account numbers, expiration date, other numerical information and/or the cardholder’s name. At this time there has not been a determination that any payment card data was in fact stolen as a result of either incident. Measures have been taken to prevent further use of this new and different malware in the affected store locations. Albertson’s is also implementing additional measures to enhance the protection of customer payment card data. Supervalu is working with Albertson’s to investigate the breach but said it does not believe it would be responsible for any losses that result.