On Monday, Supervalu announced that it has again found itself the victim of a security breach. Malware was recently discovered on the company’s point of sale systems, and is believed to have been planted in late July or early September.
“The Company has been informed that different malware was used in this recently discovered incident than was used in the incident previously announced on August 14, 2014,” said Supervalu in an official statement released earlier this week. “The investigations into both this incident and the earlier incident are ongoing. The new malware may have captured account numbers, expiration dates, other numerical information and/or the cardholders’ names.”
The malware in question is a different strain than the one that perpetrated the August attack. For this reason, Supervalu believes that the two incidents are unrelated. The previous breach affected 180 store locations and customers across 21 states.
It also resulted in a lawsuit filed against the company in the U.S. District Court for the Southern District of Illinois, claiming failure to comply with best practices and industry standards concerning point of sale security. The suit also claims that Supervalu neglected to make customers aware of the breach in a timely manner, although an alleged 40 million credit cards were affected.
After the August breach, Supervalu implemented updated security software to prevent data from being stolen at point of sale terminals. However, the new technology had not yet been deployed in four store locations at the time of the breach, so the data from those retailers may have been stolen.
The groceries in question are located in Shakopee, Hastings, White Bear Lake and Roseville, Minnesota. There has not yet been any evidence that material was stolen from Supervalu customers, but the company is offering free identity protection services for those targeted.
In January 2013, Supervalu sold 900 stores nested under five different brand names to AB Acquisition, which corporation was also affected by the malware. The AB stores impacted include Shaw’s, Star Markets, Jewel-Osco, ACME Markets and Albertsons.
“We sincerely regret that our customers’ data was targeted,” said Bob Miller, CEO at AB Acquisition. “We are taking appropriate measures to enhance the protection of our customers’ payment card data. We are working closely with all parties on the investigation into this incident.”
Show your customers that you value their security and wellbeing by protecting them from cyber-criminals and identity thieves. Pick a point of sale system for your business that not only has inventory tracking and multiple terminal capabilities but also boasts a security system that can effectively keep hackers at bay. When consumers shop at your company they’re trusting you to guard their personal data. Make sure to do just that by choosing the right software for your team.