The independent Eden Prairie based grocery retailer SuperValu has confirmed that there has been a “criminal intrusion” into the computer network used by the company to process credit card transactions. SuperValu is the parent company of a number of retail businesses, which may have been affected by the security breach.
Recently hackers gained access to patron credit card information at a significant number of SuperValu retail stores including Cub Foods, Shop ‘N Save, Hornbacher’s Farm Fresh and Shoppers Food & Pharmacy banners. By some reports, between 200 and 1000 stores in numerous states including Minnesota, Illinois, North Carolina, Maryland, Missouri, Virginia and North Dakota were affected by the security breach including some of the independent liquor stores under the parent company.
In addition to the SuperValu stores, other locations that were recently sold by the company may have also have had their credit card transaction processors hacked. These stores include those owned by the firm Cerberus Capital Management and include the popular grocery stores Albertsons, Star Markets, Acme Markets, Jewel-Osco, Shaw’s and possibly some Sav-on pharmacy locations. Although these stores were purchased from SuperValu in 2013, they still use the same computer technology to process their patron’s credit card transactions and thus may have been vulnerable to the network hack.
The security breach into the credit card transaction network occurred between June 22 and July 17, 2014. Although SuperValu cannot confirm that any customer data was actually stolen, the network contained sensitive credit card information including account numbers, cardholder identities and expiration dates. At this time, SuperValu believes that the security threat has been “contained” and that patrons of its stores can rest assured that their current credit and debit card transactions are secure. In addition, the company is providing its customers who used their cards during the vulnerable period a free year of identity protection services via the company AllClear ID. SuperValu has also provided a call center to answer consumer questions at (855) 731-6018.
SuperValu President and CEO Sam Duncan who has more than 40 years of retail experience including serving from 2005-2011 as Chairman, CEO & President of OfficeMax, issued a statement in which he said that the safety of customer’s personal information is a “top priority.” He further stated that when the company learned of the security breach which led to the potential hack to credit card transactions it was “quickly contained” and that there is no evidence of “any misuse of customer data.” In addition, Duncan regrets the inconvenience to customers and wants to “assure them that it is safe to shop” in the company’s stores.
SuperValu is a large parent company that has 35,000 employees, approximately 3,420 stores and an estimated annual sales revenue of $17 billion generated by its food distribution, retail stores, and discount stores. The company does have protection insurance in the event of cyber threats such as the one that occurred between June and July of this year. As such, any customers who had their credit card transactions hacked in any of the SuperValu stores “are not responsible for counterfeit fraudulent charges on their credit cards or debit cards” if such charges are reported in a timely manner. While this protection is extended to SuperValu customers, a written statement by the company makes clear that customers whose credit card transactions were hacked at stores sold by SuperValu, for example Albertson’s LLC or New Albertson’s, Inc. would not be protected by SuperValu’s cyber threat insurance. SuperValu recommends that customers report any suspicious activity on their credit or debit cards to their bank immediately.
By Alana Marie Burke