Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

New Data Breaches Hit Supervalu, Albertson’s

Supermarket chains Supervalu and Albertson’s revealed on Monday that some of their payment processing systems have once again been breached.

Supermarket chains Supervalu and Albertson’s revealed on Monday that some of their payment processing systems have once again been breached.

In a security advisory posted on its website, Supervalu said cybercriminals installed a piece of malware on a section of its computer network that handles payment card transactions for Shop’n Save, Shoppers Food & Pharmacy and Cub Foods Aestores, including some associated stand-alone liquor stores.

The incident, which took place in late August or early September, is a separate breach from the one announced by the company on August 14. The company also noted that a different piece of malware was used in the second attack.

After the first breach, the company started rolling out some enhanced security measures which are believed to have significantly limited the damage caused by the second intrusion. More precisely, the company said the malware planted in the new attack only managed to capture data from checkout lanes at four franchised Cub Foods stores in Minnesota (Hastings, Shakopee, Roseville and White Bear Lake).

“For these four stores, SUPERVALU believes that the malware may have been successful in capturing account numbers, and in some cases also the expiration date, other numerical information and/or the cardholder’s name, from payment cards used at some checkout lanes during the period of August 27 (at the earliest) through September 21 (at the latest), 2014; however, the Company has made no determination that any cardholder data was in fact stolen by the intruder,” Supervalu said.

The four Cub Food stores are affected because Supervalu has not completed the implementation of enhanced security measures at these locations.

The company is offering complimentary identity protection services through AllClear ID for a period of 12 months to customers who paid with their credit cards at the impacted Cub Foods stores.

Albertson’s stores operated by AB Acquisition LLC are also affected by the breach since Supervalu provides IT services to the company. According to a notice posted on the Albertson’s website, the incident affects Albertson’s stores in Southern California, Idaho, Montana, North Dakota, Nevada, Oregon, Washington, Wyoming and Southern Utah; ACME Markets in Pennsylvania, Maryland, Delaware and New Jersey; Jewel-Osco stores in Iowa, Illinois and Indiana; and Shaw’s and Star Markets stores in Maine, Massachusetts, Vermont, New Hampshire and Rhode Island.

Advertisement. Scroll to continue reading.

“At this time there has not been a determination that any payment card data was in fact stolen as a result of either incident. Measures have been taken to prevent further use of this new and different malware in the affected store locations. We are also implementing additional measures to enhance the protection of customer payment card data,” AB Acquisition LLC said in a statement.

The first intrusion, which started sometime in late June, is still being investigated. However, Supervalu says it still hasn’t determined that payment card data was in fact stolen by the cybercriminals.

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this event as we dive into threat hunting tools and frameworks, and explore value of threat intelligence data in the defender’s security stack.

Register

Learn how integrating BAS and Automated Penetration Testing empowers security teams to quickly identify and validate threats, enabling prompt response and remediation.

Register

People on the Move

Cloud and cybersecurity MSP Ekco has appointed Ben Savage as UK CEO.

Shane Barney has been appointed CISO of password management and PAM solutions provider Keeper Security.

Edge Delta has appointed Joan Pepin as its Chief Information Security Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.