The Grocery giants Albertsons and SUPERVALU posted on Thursday a data breach notification related to an Incident Involving Payment Card Data Processing.
Albertsons is the second largest grocery store chain in the US, meanwhile SUPERVALU is the third one and owned/operated Albertsons and other stores until a 2013, when it was acquired by AB Acquisitions for $3.3 billion.
The data breach may have exposed the credit and debit card data of an unknown number of its customers, which have acquired products at various grocery stores in more than 18 states.
“AB Acquisition LLC, which operates Albertsons stores under Albertson’s LLC and ACME Markets, Jewel-Osco, and Shaw’s and Star Markets under New Albertson’s, Inc., recently learned of an unlawful intrusion to obtain credit and debit card payment information in some of its stores.” States the notification published on the AB Acquisitions LLC, the company that operates the Albertsons grocery store empire.
The incident apparently occurred in June 22th and lasted until July 17th, SUPERVALU also confirmed that 180 of its Cub Foods, Farm Fresh, Hornbacher’s, Shop ’n Save and Shoppers Food & Pharmacy supermarket and liquor store locations suffered a data breach.
“We know our customers are concerned about the security of their payment card data, and we work hard to protect it,” “As soon as we were notified of the incident, we began working closely with SUPERVALU to determine what happened. It’s important to note that there is no evidence at this point that consumer data has been misused.” said Mark Bates, Senior Vice President and Chief Information Officer at AB Acquisition LLC.
In response to the incident, the company immediately reported to law enforcement the data breach and is working with staff at SUPERVALU to identifie any link between the two crimes and understand the nature and scope of the compromise.
”The appropriate federal law enforcement authorities have been notified, and AB Acquisition is working closely with its third party IT services provider, SUPERVALU, to better understand the nature and scope of the incident. Third-party data forensics experts are supporting an ongoing investigation. AB Acquisition has not determined that any cardholder data was in fact stolen, and currently it has no evidence of any misuse of any such data.” Continues the notification.
Also SUPERVALU has notifies the incident to its customers, the company claimed a “criminal intrusion may have resulted in the theft of account numbers, and in some cases also the expiration date, other numerical information and/or the cardholder’s name from payment cards used at some point of sale systems at some of the Company’s owned and franchised stores.”
“The safety of our customers’ personal information is a top priority for us,” “The intrusion was identified by our internal team, it was quickly contained, and we have had no evidence of any misuse of any customer data. I regret any inconvenience that this may cause our customers but want to assure them that it is safe to shop in our stores.” said SUPERVALU President and CEO Sam Duncan.
In time I’m writing both companies, victims of the incidents, haven’t discovered any abuses of the stolen payment card data.
Users that will notice suspicious activity on their credit or debit card can report it to law enforcement.
Stay tuned for further information of the incidents.
(Security Affairs – SUPERVALU , data breach)