US retail giant SuperValu has revealed it is investigating a data breach that potentially involves the loss of customer financial information.
The company said attackers could have stolen credit and debit card account numbers from its Point-of-Sale (PoS) systems, although this would only affect customers who were shopping between the middle of June and middle of July. There are no details on the exact number of customers involved.
SuperValu has been in business for over a century. It is one of the largest food retailers in the US, operating more than 1,500 stores across the country. Sources told Wall Street Journal the breach could have affected as many as 1,000 stores, while SuperValu itself estimates this number to be much lower – just 209.
The company encouraged customers to continue using their cards and shopping at the SuperValu-owned stores, while at the same time warning them to monitor their bank and credit card statements. It said the attackers could have gained access to information about credit and debit cards used at some of its stores between 22 June and 17 July. After recognising the signs of intrusion, SuperValu secured the affected part of its network and inverted third-party data forensics experts.
The attackers could have had the opportunity to steal account numbers, and in some cases also the expiration dates, cardholder names and other personal information. The retailer said it has no reason to believe that any other information was compromised, but added that the investigation is on-going.
SuperValu has notified the federal law enforcement agencies and payment companies.
PoS malware was previously used to hit another major US retailer, Target, affecting 40 million credit and debit card accounts. And just like Target, SuperValu is offering customers whose payment cards may have been affected 12 months of complimentary consumer identity protection service.
The number of brick-and-mortar stores being hit by cyber criminals is steadily increasing, with this year’s notable victims including US-based luxury retailer Neiman Marcus and Chinese restaurant chain P.F. Chang’s.
In May, UK High Street footwear retailer Office admitted that hackers had breached its website. It said no financial information was compromised, but the attackers managed to gain access to customer details including names, physical addresses, phone numbers, email addresses and passwords.
What do you do when tech fails? Take our quiz!
Consumer group Choice files with privacy regulator to stop three major Australian retailers from collecting…
Danish competitor files fresh antitrust complaint against Google for Jobs, saying its search traffic fell…
Toshiba board expected to approve appointment of two external directors from hedge fund investors, making…
Shanghai electric vehicle maker Nio says it is investigating deaths of two people after one…