Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

New Data Breaches Hit Supervalu, Albertson’s

Supermarket chains Supervalu and Albertson’s revealed on Monday that some of their payment processing systems have once again been breached.

Supermarket chains Supervalu and Albertson’s revealed on Monday that some of their payment processing systems have once again been breached.

In a security advisory posted on its website, Supervalu said cybercriminals installed a piece of malware on a section of its computer network that handles payment card transactions for Shop’n Save, Shoppers Food & Pharmacy and Cub Foods Aestores, including some associated stand-alone liquor stores.

The incident, which took place in late August or early September, is a separate breach from the one announced by the company on August 14. The company also noted that a different piece of malware was used in the second attack.

After the first breach, the company started rolling out some enhanced security measures which are believed to have significantly limited the damage caused by the second intrusion. More precisely, the company said the malware planted in the new attack only managed to capture data from checkout lanes at four franchised Cub Foods stores in Minnesota (Hastings, Shakopee, Roseville and White Bear Lake).

“For these four stores, SUPERVALU believes that the malware may have been successful in capturing account numbers, and in some cases also the expiration date, other numerical information and/or the cardholder’s name, from payment cards used at some checkout lanes during the period of August 27 (at the earliest) through September 21 (at the latest), 2014; however, the Company has made no determination that any cardholder data was in fact stolen by the intruder,” Supervalu said.

The four Cub Food stores are affected because Supervalu has not completed the implementation of enhanced security measures at these locations.

The company is offering complimentary identity protection services through AllClear ID for a period of 12 months to customers who paid with their credit cards at the impacted Cub Foods stores.

Albertson’s stores operated by AB Acquisition LLC are also affected by the breach since Supervalu provides IT services to the company. According to a notice posted on the Albertson’s website, the incident affects Albertson’s stores in Southern California, Idaho, Montana, North Dakota, Nevada, Oregon, Washington, Wyoming and Southern Utah; ACME Markets in Pennsylvania, Maryland, Delaware and New Jersey; Jewel-Osco stores in Iowa, Illinois and Indiana; and Shaw’s and Star Markets stores in Maine, Massachusetts, Vermont, New Hampshire and Rhode Island.

Advertisement. Scroll to continue reading.

“At this time there has not been a determination that any payment card data was in fact stolen as a result of either incident. Measures have been taken to prevent further use of this new and different malware in the affected store locations. We are also implementing additional measures to enhance the protection of customer payment card data,” AB Acquisition LLC said in a statement.

The first intrusion, which started sometime in late June, is still being investigated. However, Supervalu says it still hasn’t determined that payment card data was in fact stolen by the cybercriminals.

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Gain valuable insights from industry professionals who will help guide you through the intricacies of industrial cybersecurity.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Cybercrime

Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.