US Supermarket Chain SuperValu Suspects Hackers Stole Customer Data

US retail giant SuperValu has revealed it is investigating a data breach that potentially involves the loss of customer financial information.

The company said attackers could have stolen credit and debit card account numbers from its Point-of-Sale (PoS) systems, although this would only affect customers who were shopping between the middle of June and middle of July. There are no details on the exact number of customers involved.

SuperValu has been in business for over a century. It is one of the largest food retailers in the US, operating more than 1,500 stores across the country. Sources told Wall Street Journal the breach could have affected as many as 1,000 stores, while SuperValu itself estimates this number to be much lower – just 209.

Your data is safe, maybe

“The intrusion was identified by our internal team, it was quickly contained, and we have had no evidence of any misuse of any customer data,” Sam Duncan, CEO of SuperValu said in a statement.

The company encouraged customers to continue using their cards and shopping at the SuperValu-owned stores, while at the same time warning them to monitor their bank and credit card statements. It said the  attackers could have gained access to information about credit and debit cards used at some of its stores between 22 June and 17 July. After recognising the signs of intrusion, SuperValu secured the affected part of its network and inverted third-party data forensics experts.

The attackers could have had the opportunity to steal account numbers, and in some cases also the expiration dates, cardholder names and other personal information. The retailer said it has no reason to believe that any other information was compromised, but added that the investigation is on-going.

SuperValu has notified the federal law enforcement agencies and payment companies.

PoS malware was previously used to hit another major US retailer, Target, affecting 40 million credit and debit card accounts. And just like Target, SuperValu is offering customers whose payment cards may have been affected 12 months of complimentary consumer identity protection service.

The number of brick-and-mortar stores being hit by cyber criminals is steadily increasing, with this year’s notable victims including US-based luxury retailer Neiman Marcus and Chinese restaurant chain P.F. Chang’s.

In May, UK High Street footwear retailer Office admitted that hackers had breached its website. It said no financial information was compromised, but the attackers managed to gain access to customer details including names, physical addresses, phone numbers, email addresses and passwords.

What do you do when tech fails? Take our quiz!