Computer hackers have struck Supervalu a second time, but the company said Monday it believes this intrusion didn’t lead to mass pilfering of customer data.
Still, Supervalu acknowledged that hackers may have nabbed customers’ card information at four Cub Foods stores in Twin Cities suburbs. Supervalu owns Cub Foods, the metro area’s largest supermarket chain.
The four stores are franchises in Shakopee, Hastings, White Bear Lake and the Har Mar location in Roseville.
Supervalu said the new hack, which occurred in late August or early September, was significantly limited by new protective technology that the Eden Prairie-based company recently installed. But at the four Cub stores, the new technology hadn’t yet been fully adopted.
In mid-August, Supervalu revealed that hackers had attacked computer systems containing customer information from 1,016 grocery and liquor stores around the country, including 60 in Minnesota. In that breach between June 22 and July 17, Supervalu acknowledged that some customer data may have been stolen.
In the latest incident, a hacker installed malware into the portion of Supervalu’s computer network that processes payment cards at some of its Cub stores, as well as its Shop’n Save and Shoppers Food & Pharmacy chains located respectively in the St. Louis and the Washington, D.C., areas.
But with the new breach, Supervalu’s enhanced protective technology “significantly limited” the malware’s effectiveness, the company said. “Supervalu believes that this malware did not succeed in capturing data from any payment cards used at any stores other than at some checkout lanes at four Cub Foods franchised stores.”
Supervalu believes the malware may have succeeded in capturing account numbers, and in some cases, expiration dates, and cardholders’ names at the four stores.
The breach in Shakopee, Hastings, White Bear Lake and the Har Mar location in Roseville occurred between August 27 and September 21.
Supervalu hasn’t determined if any data was stolen, though that is a possibility.
In essence, the new hack — except for at the four Twin Cities stores — was like a foiled bank robbery, in which thieves get into a bank, but can’t crack open the safe, said Jeff Swanson, a Supervalu spokesman.
In this case, the hacker got into the system but couldn’t for the most part grab the valuables: customer data.
“It appears that where the protection is in place, [the new security technology] worked,” said Swanson.
For customers who used their cards at the four Twin Cities Cub stores during the second breach, Supervalu is offering one year of free identity theft protection services.
Customers should call Supervalu’s call center at 1-855-731-6018 for more information.
Most Cub stores are owned directly by Supervalu, but several are owned by franchisees.