Supervalu said the intrusion may have resulted in the theft of
account numbers and other numerical information from payment cards
used at some point-of-sale systems at the company's owned and
The data breach appears to have taken place during the period of
June 22 through July 17, said the retailer.
"The intrusion was identified by our internal team, it was quickly
contained, and we have had no evidence of any misuse of any customer
data," Supervalu CEO, Sam Duncan, said in a statement early on
Supervalu, which had 3,763 outlets as of April, said customers can
safely use their credit and debit cards in its stores.
The company also said it has notified federal law enforcement
authorities and is cooperating in their efforts to investigate this
intrusion. It has also notified the major payment card brands.
Companies in the United States, particularly retailers, have been
targeted by hackers for customer data on payment cards.
U.S. retailer Target Corp is struggling to win back customers after
it suffered a huge data breach last year that resulted in the theft
of 40 million payment card numbers and 70 million other pieces of
customer data such as email addresses and phone numbers.
Michaels Stores Inc, the biggest U.S. arts and crafts retailer, said
in May it also suffered a security breach that may have affected
about 2.6 million payment cards.
Reuters reported in January that smaller breaches on at least three
other well-known retailers in the country took place and were
conducted using similar techniques as the one on Target.
[to top of second column]
Retailers are often reluctant to report breaches out of concern it
could hurt their businesses. Target only acknowledged its 2013
attack after security blogger Brian Krebs reported the breach,
prompting inquiries from journalists and investors.
Most states have laws that require companies to contact customers
when certain personal information is compromised. In many cases the
task of notification falls on the credit card issuer.
Merchants are required to report breaches of personal information
including social security numbers.
(Reporting by Supriya Kurane and Ramkumar Iyer in Bangalore; Editing
by Lisa Shumaker and Ken Wills)
[© 2014 Thomson Reuters. All rights
2014 Reuters. All rights reserved. This material may not be
published, broadcast, rewritten or redistributed.