SuperValu, Albertson's Chains Suffer Data Breach

Save-A-Lot not affected, report officials

Published in CSP Daily News

EDEN PRAIRIE, Minn. -- SuperValu Inc. announced that it experienced a criminal intrusion into the portion of its computer network that processes payment card transactions for some of its retail food stores and liquor stores.

The company said it believes that the payment cards from which such cardholder data may have been stolen were used during the period of June 22 through July 17, 2014, at the 180 SuperValu stores and liquor stores listed at www.supervalu.com under its "Consumer Security Advisory" section, operated under the Cub Foods, Farm Fresh, Hornbacher's, Shop 'n Save and Shoppers Food & Pharmacy banners.

The intrusion may also have resulted in the theft of such cardholder data from some cards used during this period at 29 franchised Cub Foods stores and liquor stores, which are included in the store list referenced on the SuperValu website.

In addition, some stores owned and operated by Albertson's LLC, Boise City, Idaho, and New Albertson's Inc., Spokane, Wash., suffered similar criminal intrusion, since SuperValu provides IT services to those companies, SuperValu officials said. They s included Albertsons stores under Albertson's LLC and ACME Markets, Jewel-Osco and Shaw's and Star Markets under New Albertson's Inc.

Based on information we have at this time, Albertsons stores in Arizona, Arkansas, Colorado, Florida, Louisiana, New Mexico, Texas and our two Super Saver Foods Stores in Northern Utah were not impacted by this incident. However, Albertsons stores in Southern California, Idaho, Montana, North Dakota, Nevada, Oregon, Washington, Wyoming and Southern Utah were impacted. In addition, ACME Markets in Pennsylvania, Maryland, Delaware and New Jersey; Jewel-Osco stores in Iowa, Illinois and Indiana; and Shaw's and Star Markets stores in Maine, Massachusetts, Vermont, New Hampshire and Rhode Island were all affected by this incident.

The revelation follows the recent potential data theft at restaurant chain P.F. Chang's, as well as news from Hold Security, Milwaukee, which claims to have identified a Russian organization responsible for the theft of up to 1.2 billion user names and passwords. It also follows the early high-profile data breach at Target.

Continued on next page.

Pages