Supervalu announces another possible data breach, finds malware on point-of-sale systems
Supervalu is once again putting out word about a possible data breach at some of the grocery-store chain’s locations.
A little over a month after announcing that its computer systems had been hacked in a potential data breach, the Eden Prairie, Minnesota-based company said Monday that it recently discovered malware installed by “an intruder” on point-of-sale systems at some of its Shop ‘n Save, Shoppers Food & Pharmacy, and Cub Foods franchises, along with a few associated liquor stores. The malware breach also affects certain locations of the Albertsons’s grocery chain, which uses Supervalu’s information technology services in its Albertson’s, Acme, Jewel-Osco, Shaw’s, and Star Market stores.
Supervalu (SVU) says this latest instance was “a separate intrusion” from the one announced in mid-August, in which the company found that its computer network had been hacked in a breach that might have led to the theft of customers’ payment card data from more than 200 grocery stores between mid-June and mid-July.
The company said the more recent breach involves malware it believes was installed either in late August or early September. Supervalu is working with federal law authorities in an attempt to identify those responsible for installing the malware and the company has also notified major payment card brands of the incident.
The company did point out that its security systems helped mitigate the damage that could have resulted from the malware. “We’ve taken measures to install enhanced protective technology that we believe significantly limited the ability of this malware to capture payment card data and we will continue to make these investments going forward,” Supervalu CEO Sam Duncan said in a statement.
In this instance, the grocery chain thinks that most of its customers’ credit or debit cards were safe from this particular attack. In this latest breach, Supervalu believes that while the malware was widespread, it only may have captured data came from only four of its Cub Foods grocery stores located in Minnesota. And, even in those instances, the company says it has not yet figured out whether or not any cardholder data was actually stolen.
Supervalu’s stock was down about 1.5% in after-hours trading on Monday evening after having fallen more than 1.8% during the day. The company’s second data breach announcement in as many months comes as the latest blow to consumer confidence in a retail industry that has been hit with several similar intrusions. EBay (EBAY) and Target (TGT) have both suffered through high-profile breaches in the past year, while both Home Depot (HD) and the sandwich chain Jimmy John’s have had similar issues in the past month.