Supervalu The Latest Retailer To Disclose Data Breach

Supervalu The Latest Retailer To Disclose Data Breach

The Eden Prairie-based grocery chain said Friday it identified a criminal intrusion affecting at least 180 stores in up to five states, including Minnesota.

Another major Minnesota business may have fallen victim to a data breach affecting customers’ payment card data, as grocery chain Supervalu disclosed Friday announcement a possible criminal intrusion.

The Eden Prairie-based company said that a hack into its computer network may have affected grocery and liquor stores in up to five states, resulting in the potential theft of account numbers, expiration dates, other numerical information or cardholder names from payment systems.

Supervalu said cards from which data may have been stolen were used in Minnesota, Missouri, Illinois, Maryland and Virginia from June 22 through July 17 at 180 stores and stand-alone liquor stores run under the Cubs Foods, Farm Fresh, Hornbacher’s, Shop ‘n Save and Shoppers Food & Pharmacy names. The company said the intrusion may have also caused the theft of data from cards used at 29 Cub Foods stores and liquor stores.

Supervalu said it didn’t believe the intrusion affected any of its owned or licensed Save-A-Lot stores but did announce a related breach at some stores owned and operated by Boise, Idaho-based Albertson’s LLC and New Albertson’s Inc., to which Supervalu provides information technology services.

Supervalu is not yet sure whether data was indeed stolen or misused, but said it contained the intrusion and that customers are safe to use credit and debit cards in its stores. A third-party investigation into the nature and scope of the intrusion is underway, Supervalu said, and the company also notified federal law enforcement to help identify those responsible.

“The intrusion was identified by our internal team, it was quickly contained, and we have had no evidence of any misuse of any customer data,” Supervalu President and CEO Sam Duncan said in a statement. “I regret any inconvenience that this may cause our customers but want to assure them that it is safe to shop in our stores.”

Supervalu is offering customers whose cards may have been affected a year of complimentary consumer identity protection services. It also opened a call center for questions related to the incident. Customers may call (855) 731-6018 Monday through Saturday from 8 a.m. to 8 p.m.

Supervalu is among Minnesota’s 10 largest public companies, with more than $17 billion in revenue for the fiscal year ending February 23.  On the heels of the disclosure, shares of the company’s stock dipped about 3 percent at $9.30 during Friday morning trading.

The company is the second Minnesota business to be hit by a data breach in the past year. Earlier this month, Minneapolis-based retail giant Target announced that it expected its December 2013 breach to cost the company at least $148 million in its second quarter. The breach, and other company woes, preceded CEO Gregg Steinhafel stepping down in May.

This year data breaches have also beset the Chinese restaurant operator P.F. Chang’s, the thrift store operations of Goodwill Industries International Inc., and retailers Neiman Marcus and Michaels Stores Inc.