Supervalu confirms second payment systems breach
EDEN PRAIRIE, Minn. — Just a little more than a month after Supervalu announced a data breach, the company has confirmed a second malware attack on its payment systems.
On Aug. 14, Supervalu announced that it had experienced a criminal intrusion into the portion of its computer network that processes payment card transactions at some of its retail food stores, including some of its associated standalone liquor stores, but not including its Save-A-Lot stores.
The company believes that the second incident occurred anywhere between late August and early September 2014. Different malware from the one installed in the first incident was discovered in the payment systems at some of its Shop ’n Save, Shoppers Food and Pharmacy and Cub Foods owned and franchised stores, including some of its associated standalone liquor stores.
The company believes this was a separate intrusion from the one announced Aug. 14. The company said that it took immediate steps to secure the affected part of its network, and believes it has eradicated the malware. An investigation of this recently discovered incident is underway.
Supervalu also touted its enhanced protective technology, saying that it significantly limited the recently discovered malware’s ability to capture data from payment cards where the malware was installed. Specifically, although the investigation is ongoing, Supervalu believes that this latest breach did not succeed in capturing data from any payment cards used at any stores other than at some checkout lanes at four Cub Foods franchised stores, adding that “even as to the checkout lanes at these four stores, the company has made no determination that any cardholder data was in fact stolen by the intruder.”
The company does not believe that the malware affected any of its Farm Fresh or Hornbacher’s stores, any of its owned or licensed Save-A-Lot stores or any of the independent grocery stores supplied by the company through its independent business network — other than the affected Cub Foods franchised stores.
The company has notified federal law enforcement authorities of this latest incident and is cooperating in their efforts to investigate the matter and identify those responsible.
“We care greatly about our customers, and the safety of their personal information will continue to be a top priority for us,” said president and CEO Sam Duncan. “We’ve taken measures to install enhanced protective technology that we believe significantly limited the ability of this malware to capture payment card data and we will continue to make these investments going forward.”