Supervalu Hacked Again


The Supervalu supermarket chain recently announced that malware was installed in late August or early September 2014 in the part of its network that processes payment card transactions for some of its Shop 'n Save, Shoppers Food & Pharmacy and Cub Foods stores.

Supervalu says the new breach appears to have no connection to (and leveraged different malware from) a breach announced in mid-August 2014 that may have exposed customer payment card data from 180 Supervalu stores, as well as several standalone liquor stores and some Albertsons stores.

The company says the actions it took following the earlier breach may have limited the impact of the more recent one. Specifically, while four franchised Cub Foods stores in Minnesota appear to have been affected, the company believes no payment card data was collected from any of the other affected stores.

A list of the affected Cub Foods locations can be viewed here [PDF].

In those four cases, the malware may have captured account numbers as well as in some cases the expiration date and/or the cardholder's name from payment cards used at some Cub Foods checkout lanes between August 27 and September 21, 2014.

"We’ve taken measures to install enhanced protective technology that we believe significantly limited the ability of this malware to capture payment card data and we will continue to make these investments going forward," Supervalu president and CEO Sam Duncan said in a statement.

Supervalu's announcement comes as new research finds that over a third of IT decision makers don't believe they have the ability to keep up with emerging security threats.

The SafeNet survey of 1,000 IT decision makers also found that 41 percent of respondents believe unauthorized users are able to access their networks, and 60 percent aren't confident that data would be secure in the event of a network perimeter breach.

"From the sheer volume of data breaches alone, it’s clear that if a cybercriminal wants to hack the system or steal data, they will find a way to do so," SafeNet chief strategy officer Tsion Gonen said in a statement. "So companies need to focus on what matters most -- protecting the data. That means building more intelligent security strategies and using defense-in-depth with multi-factor authentication and placing security directly on the data with encryption."

Recent research by HyTrust also found that 51 percent of consumers say they'll take their business elsewhere after a breach that compromises personal information, and 45.6 percent say companies should be considered criminally negligent the moment a breach occurs.

"Consumers have options, and when there are endless stories about the loss of confidential information, they’re going to other vendors," HyTrust president Eric Chiu said in a statement. "Every security breach clearly has a direct impact on operations, but there’s now clear evidence that there’s extensive brand damage as well, and the executives involved will have to pay the price."

RedSeal Networks chief evangelist Steve Hultquist said by email that the news of Supervalu's second breach makes it abundantly clear that cyber security requires a more proactive approach across the board.

"As breach reports continue to grow, and reports of repeated attacks on the same targets also become more common, enterprises' approach to defense must expand from the more typical reactive monitoring and alerting to also include automated cyber attack prevention by analyzing the entire end-to-end network, the security architecture, and auditing possible access paths to make sure all controls are operating as intended and will survive network changes," Hultquist said.

A recent eSecurity Planet article offered several tips on how to respond to a data breach, from working with an independent security firm to communicating clearly with the public regarding the details of the breach.