There's no sign of the hackers slowing down either. Next up to bat is supermarket chain Supervalu, which is investigating a potential data breach that may have affected a number of its food stores, including some of its stand-alone liquor stores. It is anticipated that the breach resulted in the theft of account numbers and other payment cards information used at POS systems in both company-owned and franchised stores.
The data breach is estimated to have taken place between June 22 and July 17, according to the retailer. SuperValu estimates that 180 stores and stand-alone liquor stores, operated under the Cub Foods, Farm Fresh, Hornbacher’s, Shop n Save and Shoppers Food & Pharmacy banners have been effected. The intrusion may also have resulted in the theft of such cardholder data from some cards used during this period at 29 franchised Cub Foods stores and stand-alone liquor stores, which are included in the store list referenced on the the retailer's website. At this time the retailer has stated that the intrusion did not affect any of its owned or licensed Save-A-Lot stores.
"The intrusion was identified by our internal team, it was quickly contained, and we have had no evidence of any misuse of any customer data," Supervalu CEO, Sam Duncan, said in a statement on Friday.
Supervalu, which had 3,763 outlets as of April, said customers can safely use their credit and debit cards in its stores. The company also notified major payment card brands as well as federal law enforcement authorities, and is cooperating with the investigation.
While many retailers try not to report breaches due to a concern that it could hurt their businesses – this year retailers have surrendered. Target acknowledged its attack after security blogger Brian Krebs reported the breach, prompting inquiries from journalists and investors.
Most states have laws that require companies to contact customers when certain personal information is compromised – however, in many cases the notification falls on the credit card issuer. Retailers are only obligated to report breaches of personal information, including social security numbers.