SuperValu data breach notification - Criminal Intrusion in the 180 Corp. Owned &
Franchised Stores
EDEN PRAIRIE, Minn.--(BUSINESS
WIRE)--SUPERVALU INC. today is announcing that it experienced a criminal
intrusion into the portion of its computer network that processes payment card
transactions for some of its retail food stores, including some of its
associated stand-alone liquor stores. This criminal intrusion may have resulted
in the theft of account numbers, and in some cases also the expiration date,
other numerical information and/or the cardholder’s name, from payment cards
used at some point of sale systems at some of the Company’s owned and franchised
stores. The Company has not determined that any such cardholder data was in fact
stolen by the intruder, and it has no evidence of any misuse of any such data,
but is making this announcement out of an abundance of caution.
"The safety of our
customers' personal information is a top priority to us" |
SUPERVALU believes that the payment
cards from which such cardholder data may have been stolen were used during the
period of June 22 (at the earliest) through July 17 (at the latest), 2014, at
the 180 SUPERVALU stores and stand-alone liquor stores listed at
www.supervalu.com under the Consumer Security Advisory section, operated
under the Cub Foods, Farm Fresh, Hornbacher’s, Shop ’n Save and Shoppers Food &
Pharmacy banners. The intrusion may also have resulted in the theft of such
cardholder data from some cards used during this period at 29 franchised Cub
Foods stores and stand-alone liquor stores, which are included in the store list
referenced on the SUPERVALU website. SUPERVALU currently believes that the
intrusion did not affect any of its owned or licensed Save-A-Lot stores or any
of the independent grocery stores supplied by the Company through its
Independent Business network other than the franchised Cub Foods stores
referenced above.
Upon recognition of the intrusion, the Company took immediate steps to secure
the affected part of its network. An investigation supported by third-party data
forensics experts is on-going to understand the nature and scope of the
incident. SUPERVALU believes the intrusion has been contained and is confident
that its customers can safely use their credit and debit cards in its stores.
“The safety of our customers’ personal information is a top priority for us,”
said President and CEO Sam Duncan. “The intrusion was identified by our internal
team, it was quickly contained, and we have had no evidence of any misuse of any
customer data. I regret any inconvenience that this may cause our customers but
want to assure them that it is safe to shop in our stores.”
The Company currently has no reason to believe that additional information
beyond that described above may have been stolen by the intruder. However, given
the continuing nature of the investigation, it is possible that time frames,
locations and/or at-risk data in addition to those described above will be
identified in the future.
The Company has notified federal law enforcement authorities and is cooperating
in their efforts to investigate this intrusion and identify those responsible
for the intrusion. This press release has not been delayed as a result of law
enforcement investigation. SUPERVALU has also notified the major payment card
brands and is cooperating in their investigation of the intrusion.
Although SUPERVALU has not determined that any cardholder data was in fact
stolen by the intruder, and it has no evidence of any misuse of any such data,
the Company is offering customers whose payment cards may have been affected 12
months of complimentary consumer identity protection services through AllClear
ID. SUPERVALU has established a call center to answer customer questions about
the intrusion and the identity protection services being offered. This call
center will be staffed Monday through Saturday from 8 a.m. to 8 p.m. Central
time and can be reached at (855) 731-6018. Customers can now call this number at
their convenience, and a recorded message will be available with information
regarding the intrusion. Customers can also visit
www.supervalu.com under the Consumer Security Advisory section for
additional information about the intrusion and the complimentary consumer
identity protection services being offered through AllClear ID.
Customers are not responsible for counterfeit fraudulent charges on their credit
cards or debit cards that are timely reported. Accordingly, if customers become
aware of such activity, they should contact their issuing bank immediately.
Below is a “Consumer Identity Protection Reference Guide” that details the steps
customers can take to protect their information against potential misuse,
including the option to place a fraud alert or a security freeze on their credit
file. SUPERVALU urges customers to be vigilant and closely review or monitor
their bank and credit card statements, credit reports and other financial
information for any evidence of identity theft or other unusual activity. The
Company reminds its customers that under U.S. law, individuals are entitled to
one free credit report annually from each of the three major credit bureaus. To
obtain a free credit report, customers should visit
www.annualcreditreport.com or call, toll free, (877) 322-8228.
Some stores owned and operated by Albertson’s LLC and New Albertson’s, Inc.
suffered a related criminal intrusion. For more information about the intrusion
affecting Albertson’s LLC and New Albertson’s, Inc. stores, please visit
albertsons.com, acmemarkets.com, jewelosco.com, or shaws.com. SUPERVALU provides
information technology services to these Albertson’s LLC and New Albertson’s,
Inc. stores pursuant to transition services agreements, and we have been working
together to respond to the intrusion into their stores. SUPERVALU believes that
any losses incurred by Albertson’s LLC or New Albertson’s, Inc. as a result of
the intrusion affecting their stores would not be SUPERVALU’s responsibility.
SUPERVALU maintains insurance for cyber threats, which it believes should
mitigate the financial effect of these intrusions on SUPERVALU, including claims
that might be made against the Company based on these intrusions. Based on
currently available information, SUPERVALU management does not believe that the
ultimate outcome of these intrusions, including any related lawsuits, claims or
other proceedings that might be initiated against the Company, will have a
material adverse impact on the Company’s consolidated results of operations,
cash flows or financial position.
Potential Data Breach May Have Affected More Than 1,000 Stores
Minneapolis-based Supervalu, which has 3,320 stores in all,
hasn't notified customers about the potential incident, said the people familiar
with the matter. Merchants often don't alert customers about breaches until they
know the scope of the attack. Supervalu had sales of roughly $17 billion last
year. It is the seventh-largest U.S. grocery chain, with a 2.1% market share,
and operates under brands such as Cub Foods, Farm Fresh and Save-A-Lot. An
attack on the company's point-of-sale system would be similar to other recent
high-profile data breaches, most notably the massive hack that occurred at
Target Corp. Since then, hackers also have taken aim at a number of merchants,
including luxury retailer Neiman Marcus Group, restaurant chain P.F. Chang's
China Bistro Inc., and Goodwill Industries International Inc. thrift stores. Any
new data breach is likely to stoke the growing concerns about security among
merchants, consumers and card-issuing banks. Most of Supervalu's stores are
independently run but receive their goods from Supervalu. The company also
handles the information-technology systems for those stores, as well as other
grocery chains. (Source
wsj.com)
|