14 DAY TRIAL // A little over a month after announcing a compromise of its systems processing card information, Supervalu comes out with a new data breach disclosure, saying that some of its Shop ’n Save, Shoppers Food & Pharmacy and Cub Foods owned and franchised stores have been affected.
On August 15, Supervalu revealed that the payment systems at 180 of its locations had been compromised since June 22 through July 17, sensitive information being exposed, such as account numbers, expiration date and/or cardholder’s name.
Previous security upgrade may have prevented collection of data
The recent cyber-attack is believed to have started in late August or early September. The company says that a different malware has been used than in the previous incident; no evidence has been found of a connection between the two incidents.
“Upon recognition of this intrusion, the Company took immediate steps to secure the affected part of its network and believes it has eradicated the malware. An investigation of this recently discovered incident is underway,” a statement from Supervalu Inc. informs.
The security measures implemented after the previous attack appear to have paid off, since the company believes that the technology limited the malware’s ability to collect information from payment cards.
In fact, until the investigation is complete, there are no details to point to the fact that any card details have been collected in any of the affected stores, other than those at some checkout lanes at four Cub Foods franchised stores.
Farm Fresh or Hornbacher’s stores along with the Save-A-Lot locations also seem to be safe from the attack.
The authorities have been informed of the cybercriminal attempt and an investigation has been started into the matter, with full cooperation from the company.
President and CEO Sam Duncan said that although a round of security upgrades has been added to the Supervalu systems in the wake of the previous attack, the company will not stop investing in enhanced protective technology.
Affected stores did not benefit from enhanced protection
Four franchised Cub Foods stores in Hastings, Shakopee, Roseville (Har Mar) and White Bear Lake, Minnesota, were affected by the incident because they did not benefit from the upgrades implemented after the previous breach.
Data exposed at these locations consists of account numbers, as well as the expiration date in some cases. Other numerical information and/or the cardholder’s name have also been put at risk.
August 27 is given as the earliest start date for the intrusion, which lasted all through September 21, at the latest.
As the investigation continues, it is possible that breach times for each of the affected locations will be revealed by the company, as it did after the first attack.