Another U.S. Retailer becomes a Victim of Card-Payment Fraud

Why can’t the $100 billion security industry stop hackers? Despite technological revolutions, hackers are still invading industrial systems to retrieve confidential information, leading to a rise in the number of fraud cases and hacks in recent years. A recent case has come to light highlighting the largest-ever retailer in the U.S. to have become a victim of card-payment fraud.

U.S. supermarket chain Supervalu recently admitted to hacking and loss of customer card data. The company faced intrusion in the network that processes payments for some of its 3,320 stores. The data breach is believed to have taken place between June 22 and July 17. Information pertaining to parameters such as cardholder names, account numbers and expiration dates has been stolen from cards used at points of sale in owned as well as franchised stores.

The breach has also affected some stores of the retailer Albertsons, which uses Supervalu’s third-party IT services. The data breach has affected roughly 200 of Supervalu’s grocery and liquor stores and hundreds of other stores that Supervalu recently sold. Apart from Supervalu’s own brands, such as Cub Foods, Hornbacher’s and Farm Fresh, the breach also affected Acme Markets, Jewel-Osco, Shaw’s and Star Markets brands.

As many as 1,000 stores are believed to have been affected by the breach, which was caused by hackers using malicious software on the POS network targeting cash registers and terminals handling credit- and debit-card transactions. Supervalu has posted an official list of affected stores on the company’s website. The company is offering 12 months of free identity-protection services to customers whose cards may have been affected.

The intrusion was identified by our internal team, said Sam Duncan, Supervalu’s CEO, in a press release. It was quickly contained, and we have had no evidence of any misuse of any customer data. I regret any inconvenience that this may cause our customers but want to assure them that it is safe to shop in our stores.

AB Acquisition is working with Supervalu to investigate the breach. The attack on Supervalu is similar to other high-profile data breaches that have taken place in recent years. A notable one is that of the massive attack on Target stores in 2013, which led to the loss of 40 million payment-card numbers and the personal information of 70 million shoppers.

Within a span of eight months in 2013-2014, Michael’s Stores and its Aaron Brothers subsidiary became victims of a fraud case involving the loss of 2.6 million customer credit- and debit-card numbers at Michael’s stores and around 40,000 at Aaron Brothers stores. Hackers have also targeted a number of merchants, including luxury retailer Neiman Marcus Group, restaurant chain P.F. Chang’s China Bistro and Goodwill Industries International’s thrift stores.

The recent data breaches have raised questions about whether organizations should always notify their customers, vendors and authorities immediately after a breach. Breaches place a huge burden on banks. The cost of fraud on cards issued by U.S. banks reached $18 billion last year.

Banks and merchants are making big efforts to roll out new technology to make card transactions safer. Banks are planning to issue chip-embedded payment cards, while merchants are upgrading their terminals to incorporate next-generation payment cards. MasterCard and Visa are propelling the long-overdue entry of EMV-based chip-enabled cards into the card-payment market. Other major initiatives include collaborations between MasterCard and First Data and between Visa and FIS. New research reveals that 575 million U.S. payment cards will feature EMV-chip security by the end of next year.