Company News • 18.08.2014

Supervalu notifies customers of criminal computer intrusion at some of its owned and franchised stores

Supervalu announced that it experienced a criminal intrusion into the portion of its computer network that processes payment card transactions for some of its retail food stores, including some of its associated stand-alone liquor stores. 

This criminal intrusion may have resulted in the theft of account numbers, and in some cases also the expiration date, other numerical information and/or the cardholder’s name, from payment cards used at some point of sale systems at some of the Company’s owned and franchised stores.  The Company has not determined that any such cardholder data was in fact stolen by the intruder, and it has no evidence of any misuse of any such data, but is making this announcement out of an abundance of caution.

Supervalu believes that the payment cards from which such cardholder data may have been stolen were used during the period of June 22 (at the earliest) through July 17 (at the latest), 2014, at the 180 Supervalu stores and stand-alone liquor stores listed at www.supervalu.com under the Consumer Security Advisory section, operated under the Cub Foods, Farm Fresh, Hornbacher’s, Shop ’n Save and Shoppers Food & Pharmacy banners.  The intrusion may also have resulted in the theft of such cardholder data from some cards used during this period at 29 franchised Cub Foods stores and stand-alone liquor stores, which are included in the store list referenced on the Supervalu website.  Supervalu currently believes that the intrusion did not affect any of its owned or licensed Save-A-Lot stores or any of the independent grocery stores supplied by the Company through its Independent Business network other than the franchised Cub Foods stores referenced above.  

Upon recognition of the intrusion, the Company took immediate steps to secure the affected part of its network.  An investigation supported by third-party data forensics experts is on-going to understand the nature and scope of the incident.  Supervalu believes the intrusion has been contained and is confident that its customers can safely use their credit and debit cards in its stores.

“The safety of our customers’ personal information is a top priority for us,” said President and CEO Sam Duncan.  “The intrusion was identified by our internal team, it was quickly contained, and we have had no evidence of any misuse of any customer data.  I regret any inconvenience that this may cause our customers but want to assure them that it is safe to shop in our stores.”

The Company currently has no reason to believe that additional information beyond that described above may have been stolen by the intruder.  However, given the continuing nature of the investigation, it is possible that time frames, locations and/or at-risk data in addition to those described above will be identified in the future.

The Company has notified federal law enforcement authorities and is cooperating in their efforts to investigate this intrusion and identify those responsible for the intrusion.  This press release has not been delayed as a result of law enforcement investigation. Supervalu has also notified the major payment card brands and is cooperating in their investigation of the intrusion.

Source: Supervalu

channels: consulting, data storage