NEW YORK – A data breach at Supervalu may have affected as many as 200 of its grocery and liquor stores and potentially affected retail chains recently sold by the company in two dozen states.
The announcement lengthens the list of retailers that have had security walls breached in recent months, including Target, P.F. Chang’s and even the thrift store operations of Goodwill Industries International Inc.
Hackers accessed a network that processes Supervalu transactions, with account numbers, expiration dates, cardholder names and other information possibly stolen, the company said. Those systems are still being used by the stores sold off by Supervalu last year for $3.3 billion, potentially opening up customer data at those stores as well.
The breach happened between June 22 and July 17, according to Supervalu, which said it took immediate steps to secure that portion of its network.
The cards from which data may have been stolen were used at 180 Supervalu stores and liquor stores run under the Cub Foods, Farm Fresh, Hornbacher’s, Shop ‘n Save and Shoppers Food & Pharmacy names. Data also may have been stolen from 29 franchised Cub Foods stores and liquor stores. Those stores are in North Dakota, Minnesota, Illinois, Virginia, North Carolina, Maryland and Missouri.
But Supervalu said that a related criminal intrusion occurred at the chain stores it sold to Cerebus Capital Management LP in March 2013, stores that Supervalu continues to supply with information technology services.
Those stores include Albertsons, Acme, Jewel-Osco, Shaw’s and Star Market — and related Osco and Sav-on in-store pharmacies in two dozen states.
Cerebus affiliate AB Acquisition said that it’s working closely with Supervalu to evaluate the scope of the potential breach.
Supervalu has yet to determine if any cardholder data was actually stolen and said Friday that there’s no evidence of any customer data being misused. Information about the breach was released out of “an abundance of caution,” the company said.
The company believes that the intrusion has been contained and it said it is confident that people can safely use credit and debit cards at its stores.
Supervalu and AB Acquisitions are offering customers whose cards may have been affected a year of consumer identity protection services via AllClear ID.
Supervalu also has created a call center to help answer customer questions about the data breach and the identity protection services being offered. The call center can be reached at 855-731-6018. Customers may also visit Supervalu’s website under the Consumer Security Advisory section to get more information about the data breach and the identity protection services.
There are efforts underway to make credit and debit cards more secure following a rash of security breaches in recent months.
Target Corp. said this month that expenses tied to a breach leading up to last year’s holiday shopping season could reach as high as $148 million. The incident led to a major shakeup at the company and CEO Gregg Steinhafel resigned.
Restaurant operator P.F. Chang’s confirmed in June that data from credit and debit cards used at its restaurants was stolen. There have been smaller breaches at Neiman Marcus and Michaels Stores Inc.