(Changes source, adds CEO comment and details from statement)
Aug 15 Supervalu Inc said it is
investigating a potential data breach that could have affected
some of its retail food stores, including some of its associated
stand-alone liquor stores.
Supervalu said the intrusion may have resulted in the theft
of account numbers and other numerical information from payment
cards used at some point-of-sale systems at the company's owned
and franchised stores.
The data breach appears to have taken place during the
period of June 22 through July 17, said the retailer.
"The intrusion was identified by our internal team, it was
quickly contained, and we have had no evidence of any misuse of
any customer data," Supervalu CEO, Sam Duncan, said in a
statement early on Friday.
Supervalu, which had 3,763 outlets as of April, said
customers can safely use their credit and debit cards in its
The company also said it has notified federal law
enforcement authorities and is cooperating in their efforts to
investigate this intrusion. It has also notified the major
payment card brands.
Companies in the United States, particularly retailers, have
been targeted by hackers for customer data on payment cards.
U.S. retailer Target Corp is struggling to win back
customers after it suffered a huge data breach last year that
resulted in the theft of 40 million payment card numbers and 70
million other pieces of customer data such as email addresses
and phone numbers.
Michaels Stores Inc, the biggest U.S. arts and crafts
retailer, said in May it also suffered a security breach that
may have affected about 2.6 million payment
Reuters reported in January that smaller breaches on at
least three other well-known retailers in the country took place
and were conducted using similar techniques as the one on
Retailers are often reluctant to report breaches out of
concern it could hurt their businesses. Target only acknowledged
its 2013 attack after security blogger Brian Krebs reported the
breach, prompting inquiries from journalists and investors.
Most states have laws that require companies to contact
customers when certain personal information is compromised. In
many cases the task of notification falls on the credit card
Merchants are required to report breaches of personal
information including social security numbers.
(Reporting by Supriya Kurane and Ramkumar Iyer in Bangalore;
Editing by Lisa Shumaker and Ken Wills)