Supervalu Inc. has experienced data breaches that might have involved data theft. According to the company, it has not yet determined whether the criminal breach of its payment card processing systems actually included theft of cardholder data, but it is notifying customers “out of an abundance of caution.”

Because Supervalu provides third-party information technology services to AB Acquisition LLC, which owns Albertson’s LLC and New Albertson’s Inc., cards used at a number of the stores in the Albertsons network are affected as well as some corporate and franchised Supervalu outlets.
 

EDEN PRAIRIE, Minn. — Supervalu Inc. has experienced data breaches that might have involved data theft. 

Supervalu Inc. has experienced data breaches that might have involved data theft. 

According to the company, it has not yet determined whether the criminal breach of its payment card processing systems actually included theft of cardholder data, but it is notifying customers “out of an abundance of caution.”

Because Supervalu provides third-party information technology services to AB Acquisition LLC, which owns Albertson’s LLC and New Albertson’s Inc., cards used at a number of the stores in the Albertsons network are affected as well as some corporate and franchised Supervalu outlets.

Data affected includes that from payment cards used between June 22 and July 17 at 180 Supervalu food stores and stand-alone liquor stores. Supervalu banners involved include Cub Foods, Farm Fresh, Hornbacher’s, Shop ’n Save and Shoppers Food & Pharmacy. Cards used at 29 franchised Cub Foods stores may also have been affected.

According to AB Acquisition, Albertsons stores in southern California, Idaho, Montana, North Dakota, Nevada, Oregon, Washington, Wyoming and southern Utah were affected as well as Acme Markets in Pennsylvania, Maryland, Delaware and New Jersey; Jewel-Osco outlets in Iowa, Illinois and Indiana; and Shaw’s and Star Markets stores in New England.

At present, Supervalu management does not believe the intrusion affected any of its 1,300-plus corporate or licensed Save-A-Lot hard discount grocery stores, or any of the independent supermarkets supplied by Supervalu’s Independent Business wholesale arm, other than the Cub Foods franchised units. Additionally, Albertsons stores in Arizona, Arkansas, Colorado, Florida, Louisiana, New Mexico and Texas, as well as two Super Saver Foods Stores in northern Utah, do not appear to have been involved in the breach.

Supervalu executives say that as soon as the breach was discovered the company acted to secure the affected part of its network and launched an ongoing investigation, supported by third-party forensics experts, to determine the nature and scope of the breach. At this point, management believes the intrusion has been contained and that customers can safely use credit and debit cards in its stores.

"The safety of our customers’ personal information is a top priority for us," says president and chief executive officer Sam Duncan. "The intrusion was identified by our internal team, it was quickly contained, and we have had no evidence of any misuse of any customer data."

Supervalu has also notified federal law enforcement authorities and is cooperating with their investigation of the incident. Customers whose payment cards might have been affected are being offered 12 months of complimentary consumer identity protection service through AllClear ID. Finally, the company has established a call center to answer customer questions about the breach and the identity protection services being offered.