Breach Round Up

Supervalu Confirms Major Cyberthief POS Network Attack

A cyberthief attack has hit the Supervalu grocery chain's card-processing network, impacting potentially 1,000 stores and stealing card numbers, expiration dates and other data .

“The intrusion was identified by our internal team, it was quickly contained, and we have had no evidence of any misuse of any customer data," CEO Sam Duncan said Thursday (Aug. 14).

The $17 billion chain said that the data stolen and the stores impacted are limited. "Supervalu believes that the payment cards from which such cardholder data may have been stolen were used during the period of June 22 (at the earliest) through July 17 (at the latest), 2014, at the 180 Supervalu stores and stand-alone liquor stores listed at www.Supervalu.com under the Consumer Security Advisory section, operated under the Cub Foods, Farm Fresh, Hornbacher’s, Shop ’n Save and Shoppers Food & Pharmacy banners. The intrusion may also have resulted in the theft of such cardholder data from some cards used during this period at 29 franchised Cub Foods stores and stand-alone liquor stores, which are included in the store list referenced on the Supervalu website.  Supervalu currently believes that the intrusion did not affect any of its owned or licensed Save-A-Lot stores or any of the independent grocery stores supplied by the Company through its Independent Business network other than the franchised Cub Foods stores referenced above."

A report in The Wall Street Journal, however, said the damage could be much more widespread, potentially impacting more than 1,000 stores, attributing that figure to the ever-popular "according to people familiar with the situation."

The Journal story said the attack "may have resulted from hackers installing malicious software onto the company's point-of-sale network," which is certainly logical given the widespread nature of the attacks, as well as the company's statement that certain parts of the company—presumably using a separate POS network—appear to have been not impacted.

Supervalu said in its statement that "this press release has not been delayed as a result of law enforcement investigation," which is a nod to consumers' ever-increasing demand for data breach transparency. Many chains have cited information-release delays as having been requested by law enforcement, which is a common exemption with state databreach disclosure laws. (See Urban Outfitters security chief expressing concerns about those data breach disclosure rules.)

The chain also tried to reassure investors that this will not likely result in huge losses. "Supervalu maintains insurance for cyber threats, which it believes should mitigate the financial effect of these intrusions on Supervalu, including claims that might be made against the company based on these intrusions. Based on currently available information, Supervalu management does not believe that the ultimate outcome of these intrusions, including any related lawsuits, claims or other proceedings that might be initiated against the Company, will have a material adverse impact on the Company’s consolidated results of operations, cash flows or financial position."

——————————

NEW PYMNTS DATA: HOW WE SHOP – SEPTEMBER 2020 

The How We Shop Report, a PYMNTS collaboration with PayPal, aims to understand how consumers of all ages and incomes are shifting to shopping and paying online in the midst of the COVID-19 pandemic. Our research builds on a series of studies conducted since March, surveying more than 16,000 consumers on how their shopping habits and payments preferences are changing as the crisis continues. This report focuses on our latest survey of 2,163 respondents and examines how their increased appetite for online commerce and digital touchless methods, such as QR codes, contactless cards and digital wallets, is poised to shape the post-pandemic economy.

Click to comment

TRENDING RIGHT NOW