Supervalu: Hackers Stole Credit Card Data From Cub Foods
NEW YORK (AP/WCCO) — Card data of Supervalu and Albertsons shoppers may be at risk in another hack, the two supermarket companies said Monday.
The companies said that in late August or early September, malicious software was installed on networks that process credit and debit card transactions at some of their stores. Albertsons said the malware may have captured data including account numbers, card expiration dates and the names of cardholders at stores in more than a dozen states. Supervalu said the malware was installed on a network that processes card transactions at several chains, but it believes data was only taken from certain checkout lanes at four Cub Foods stores in Minnesota.
Those stores are in Hastings, on Market Boulevard; in Roseville, on North Snelling Avenue; in Shakopee, on Vierling Drive East; and in White Bear Lake, on Meadowlands Drive.
Supervalu Inc. said it believes the malware was only able to capture card data from some checkout lanes at four Cub Foods locations in Minnesota because it had not finished making security improvements at those stores. The company, which is based in Eden Prairie, Minn., said it thinks it has gotten rid of the malware.
The malware was also installed on a network that processes card transactions at Shop 'n Save and Shoppers Food & Pharmacy stores as well as some stand-alone liquor stores, but the company, which has 3,320 stores, thinks the malware did not capture payment card data from any stores except possibly for the four in Minnesota.
Supervalu sold the Albertsons, Acme, Jewel-Osco, Shaw's and Star Market chains to Cerberus Capital Management in 2013, but it still provides information technology services for those stores.
The companies also disclosed a data breach in August. They said the two incidents are separate. Supervalu said that incident may have affected as many as 200 grocery and liquor stores. It said hackers accessed a network that processes Supervalu transactions, with account numbers, expiration dates, card holder names and other information.
That breach occurred between June 22 and July 17, and Supervalu said it immediately began working to secure that portion of its network. The companies said Monday that they are still investigating that incident and don't know if cardholder data was taken.
The latest breach follows big hacks that affected millions of customers at Home Depot, Target and other retailers over the past year.
(TM and © Copyright 2014 CBS Radio Inc. and its relevant subsidiaries. CBS RADIO and EYE Logo TM and Copyright 2014 CBS Broadcasting Inc. Used under license. All Rights Reserved.This material may not be published, broadcast, rewritten, or redistributed. The Associated Press contributed to this report.)
