Supervalu has discovered a second data breach—a “separate intrusion” potentially launched by a different sets of cyberthieves—that hit many of its grocery stores. The chain did, however, report a silver lining: Security upgrades from the first attack minimized damage from the second attack. But it also noted that many of its stores have yet to have those security upgrades installed.
Supervalu “has recently discovered that, in what it believes to have been late August or early September 2014, an intruder installed different malware into the portion of its computer network that processes payment card transactions at some of its Shop ’n Save, Shoppers Food & Pharmacy and Cub Foods owned and franchised stores, including some of its associated stand-alone liquor stores,” the company said in a statement.
The chain added that it “believes that its enhanced protective technology significantly limited this recently discovered malware’s ability to capture data from payment cards where the malware was installed. Specifically, although the investigation is ongoing, Supervalu believes that this malware did not succeed in capturing data from any payment cards used at any stores other than at some checkout lanes at four Cub Foods franchised stores that are discussed below. Even as to the checkout lanes at these four stores, the Company has made no determination that any cardholder data was in fact stolen by the intruder.”
But the rollout of that unspecified enhanced security was not complete. “Supervalu believes that the recently discovered malware potentially captured data from payment cards used at some checkout lanes in four franchised Cub Foods stores in Hastings, Shakopee, Roseville (Har Mar) and White Bear Lake, Minnesota, where implementation of the enhanced protective technology had not yet been completed. For these four stores, Supervalu believes that the malware may have been successful in capturing account numbers, and in some cases also the expiration date, other numerical information and/or the cardholder’s name, from payment cards used at some checkout lanes during the period of August 27 (at the earliest) through September 21 (at the latest), 2014; however, the Company has made no determination that any cardholder data was in fact stolen by the intruder.”