Data breach may include Vermont Shaw’s stores
By MICHELLE CHAPMAN
THE ASSOCIATED PRESS | August 16,2014
NEW YORK — A data breach at Supervalu may have affected as many as 200 of its grocery and liquor stores as well as retail chains the company recently sold in Vermont and several other states.
The announcement lengthens the list of retailers that have had security walls breached in recent months, including Target, P.F. Chang’s and even the thrift store operations of Goodwill Industries International Inc.
Hackers accessed a network that processes Supervalu transactions, with account numbers, expiration dates, cardholder names and other information possibly stolen, the company said. Those systems are still being used by the stores Supervalu sold last year for $3.3 billion, potentially opening up customer data at those stores as well. On its website, Shaw’s reported that stores in Vermont, as well as Shaw’s and Star Market stores in Maine, Massachusetts, New Hampshire and Rhode Island, have been affected by the breach.
Massachusetts-based Shaw’s is owned by AB Acquisition LLC (known as “New Albertsons”), a company that utilizes Supervalu for IT services. Shaw’s operates 19 grocery stores in Vermont.
Shaw’s reported Friday that it has no evidence of misuse of any of its customers’ payment information.
The breach occurred between June 22 and July 17, according to Supervalu, which said it took immediate steps to secure that portion of its network.
The cards from which data may have been stolen were used at 180 Supervalu stores and liquor stores run under the Cub Foods, Farm Fresh, Hornbacher’s, Shop ’n Save and Shoppers Food & Pharmacy names. Data may also have been stolen from 29 franchised Cub Foods stores and liquor stores. Those stores are in North Dakota, Minnesota, Illinois, Virginia, North Carolina, Maryland and Missouri.
But Supervalu said a related criminal intrusion occurred at the chain stores it sold to Cerebus Capital Management LP in March 2013. Those stores include Albertsons, Acme, Jewel-Osco, Shaw’s and Star Market — and related Osco and Sav-on in-store pharmacies in two dozen states.
Cerebus affiliate AB Acquisition said it’s working closely with Supervalu to evaluate the scope of the potential breach.
Supervalu has yet to determine if any cardholder data was actually stolen. Information about the breach was released out of “an abundance of caution,” the company said Friday.
The company believes that the intrusion has been contained and said it is confident that people can safely use credit and debit cards at its stores.
Supervalu and AB Acquisitions are offering customers whose cards may have been affected a year of consumer identity protection services via AllClear ID.
Supervalu has also created a call center to help answer customer questions about the data breach and the identity protection services being offered. The call center can be reached at 855-731-6018. Customers may also visit Supervalu’s website under the Consumer Security Advisory section to get more information about the data breach and the identity protection services.
There are efforts underway to make credit and debit cards more secure after a rash of security breaches in recent months.
Target Corp. said this month that expenses tied to a breach leading up to last year’s holiday shopping season could reach as high as $148 million. The incident led to a major shakeup at the company, and CEO Gregg Steinhafel resigned.
Restaurant operator P.F. Chang’s confirmed in June that data from credit and debit cards used at its restaurants was stolen. There have been smaller breaches at Neiman Marcus and Michaels Stores Inc.