Supervalu Announces Fresh Hacking Incident

Media Division | October 2, 2014

Supervalu, the grocery retailer with thousands of stores, has been hacked… again.

The retailer announced on Monday that a hacker injected malware, in late August or early September, into a part of its network system that processes credit card transactions at its Shopper Food & Pharmacy, Shop n’ Save, Cub Foods stores, and liquor stores.

This is the second time the company has been hacked in a few months. The retailer believes the malware was only able to take credit card data from some checkout lanes at the four Cub Foods locations in Minnesota because it didn’t finish making security improvements at those locations.

“We’ve taken measures to install enhanced protective technology that we believe significantly limited the ability of this malware to capture payment card data and we will continue to make these investments going forward,” Sam Duncan, president and CEO of Supervalu, said in a statement.

The announcement from the retailer comes after a new research revealed that over a third of IT decision makers don’t believe they are equipped with the measures to combat emerging security threats. The SafeNet survey of 1,000 IT decision makers informed that 41 percent respondents believed that unauthorized individuals are able to access their networks, and 60 percent aren’t confident about the security of their data in the aftermath of a network perimeter breach.

Supervalu warned customers that the hack may have been successful in capturing account numbers, as well as the expiration dates and other numerical information and the cardholder’s name, from debit and credit cards used at checkout lanes. The retailer is now cooperating with authorities for investigation on the matter. Customers who used their debit and credit card transactions at the affected stores are being offered one year’s worth of free consumer identity protection services.

Retailers continue to be an attractive target for hackers

The latest breach follows the hacking attacks that have affected millions of customers at Home Depot and other retailers over the year. Most transaction card readers used by retailers around the country process credit card numbers in plain text from the magnetic stripe found on most debit and credit cards.

In case of retailers like Target, malware was planted in point-of-sale systems after the hackers took the login credentials of the supplier that was using another portion of the retailer’s network. This could have been avoided if the retailer’s security team segmented the network to contain the damage.

Retailers also adopt the practice of using credit card data for more than completing transactions, which creates security vulnerabilities. For example, credit card data is often inserted into analytical systems used by marketing and advertising companies to track buying habits of customers. Retailers and marketing people need to understand that some data is just too dangerous to store.

What retailers need to do?

Overall, retailers need to adopt an approach to avoid the data breaches as it is the most costly thing that can happen to their business. Apart from financial losses, they also have to deal with loss of customer trust and negative reputation reporting. Customers have already indicated they will not buy from a retail chain that doesn’t take their identity and security seriously.

Supervalu and retailers who have been hacked so far need to address credit card hacking incidents with ground intelligence dedicated towards the detecting and mitigation of active threats. The aim should be the preservation of the integrity of their brands through effective prevention and counter-strategies.


Massive's Media Division publishes timely news and insights based on current events, trends, and actionable cross-industry expertise.