Grocery store chain Supervalu announced this week that its point of sale systems were infected with malware sometime in late August or early September. An intruder apparently used a different kind of malware than was discovered in the previous Supervalu security breach, and the two incidents are believed to be unrelated.
Supervalu believes it has removed all malware from its systems, but thinks that data may have been stolen from four stores in Hastings, Shakopee, White Bear Lake and Roseville, Minnesota. These four locations were apparently particularly vulnerable to the malware because the security technology implemented after August's breach had not yet been deployed in these stores.
Data may therefore have been stolen from point of sale terminals in these areas, although there is no evidence of this as of yet.
"The Company has been informed that different malware was used in this recently discovered incident than was used in the incident previously announced on August 14, 2014," said Supervalu in a public announcement on Monday. "The investigations into both this incident and the earlier incident are ongoing. The new malware may have captured account numbers, expiration dates, other numerical information and/or the cardholders' names."
Supervalu is currently the third-largest food retailer in the United States, earning $34.3 billion in revenue for 2013. The company is currently cooperating with federal investigations into the matter and is offering identity protection for affected customers.
"We sincerely regret that our customers' data was targeted," says Bob Miller, CEO at AB Acquisition. "We are taking appropriate measures to enhance the protection of our customers' payment card data. We are working closely with all parties on the investigation into this incident."
In this era of rampant security breaches, be sure to protect your customers by choosing a card processing software you can trust.