Supervalu latest to suffer hack attack
Target isn’t the only retail store operator in Minnesota with data security issues. Eden Prairie-based Supervalu announced it too suffered a "criminal intrusion" into its computer network somewhere between June 22 and July 17.
According to a statement issued by Supervalu, the data breach "may have resulted in the theft of account numbers, and in some cases also the expiration date, other numerical information and/or the cardholder’s name, from payment cards used at some point of sale systems at some of the company’s owned and franchised stores."
At this point. Supervalu has not determined if cardholder data was stolen and there has been no evidence so far that customers’ personal data is being misused.
Stores potentially affected include Cub Foods, Farm Fresh, Hornbacher’s, Shop ‘n Save and Shoppers Food & Pharmacy banners. LU stores and stand-along liquor stores may also have been compromised.
"The intrusion was identified by our internal team, it was quickly contained, and we have had no evidence of any misuse of any customer data," said Sam Duncan, Supervalu president and CEO, in a statement. "I regret any inconvenience that this may cause our customers but want to assure them that it is safe to shop in our stores."
Discussion Questions
How do you expect consumers who shop at Supervalu-owned or franchised stores to respond to the news of the criminal intrusion into the company’s computer network? Will they be satisfied with Supervalu’s response?
This stuff will continue to happen, as criminals have nothing better to do. It is a sad commentary on our society, and it makes these companies look bad. I just hope it is not an internal crime, which would really hurt the company, and make it tougher to deal with the media backlash. Consumers just want to shop and not worry about the hackers out there, but the best of systems are vulnerable to these high-tech criminals, and it will continue to happen.
Is there a foolproof system out there? I doubt it, and how quickly the companies can recover from this is important, along with catching these folks, and putting them behind bars.
Since nearly all retailers that take credit cards have had a security breach, consumers are numb to the news. Many retailers simply prefer not to even disclose there has been a data breach so as not to cause panic. Grocers like Aldi, WinCo and Woodman’s have developed a fool proof way of preventing a data breach. They don’t take credit cards. Financially they are a lot more successful than most grocers, so do the math. Consumers should freeze their credit so no one can look at it. That would take a lot of worry away.
Most shoppers will be unaware or not care too much, because these events happen too often. No consumers seem to have suffered too much by these criminal intrusions. As for Supervalu’s response, customers will not be totally satisfied with it, but unless some bad news comes out about big personal losses, they aren’t disposed to worrying about either.
The number one thing that ticked me off about the Target handling of the breech was that they kept referring to me as a guest and not a customer.
As long as Supervalu treat their customers as customers and does what’s right, I don’t see them having a long-term problem.
While a retailer has to exercise due diligence and process to protect consumer data, in reality it’s time to look backwards in the credit card chain and ask why the U.S. has one of the most antiquated credit card media management/authorization systems in the world. While it will always be a struggle to stay a step ahead of the next inspired hacker, we’re a few steps behind, mired in a magnetic stripe-based network.
David Livingston nailed it when he talked about the “foolproof” way to avoid breaches: Don’t take or use credit cards. Any customers who aren’t concerned about these breaches must live in la la land. I’m not saying that customers should stay away because of the breach, but becoming jaded and acting if the problem doesn’t exist just because it’s becoming more common surely can’t be the appropriate response.
Consumers are becoming accustomed to data breaches, so the breach itself may not draw much ire from shoppers. In my opinion, customer reaction to Supervalu will be directly related to the transparency of communication and speed at which it is delivered from the grocer.
Here’s the one statement that got my attention in the discussion article: “At this point, Supervalu has not determined if cardholder data was stolen and there has been no evidence so far that customers’ personal data is being misused.”
Shouldn’t brands experiencing a breach assume that the data will be misused unless the perpetrators are stopped. Do they need painful evidence to accept that breaches lead to misuse of data?
Maybe that is the first point to be addressed by Supervalu.
Consumers are very concerned about data breaches, and-one action they can take-they’re willing to transfer their brand loyalty quickly to another merchant if, in the event of a data breach, they find their merchant is not forthcoming. Rapid and transparent communications to the customers, along with rapid action to repair the vulnerabilities, are the keys to maintaining trust. From the merchant perspective it is not necessary to stop taking credit cards in order to avoid data breaches.
As Mark Bower, VP at Voltage Security, said: “By now, every retailer is aware of the risks of malware in the POS, the impact, and the simple fact being compliant to PCI doesn’t equate to mitigating advanced threats that no doubt again stole the gold in this case. The only way to neutralize this risk is to avoid any sensitive data passing in and through the vulnerable POS or retail IT. Hundreds of thousands of merchants already do this today with proven approaches using the latest innovations in data-centric security and are able to brush off such attacks like water off a ducks back. These risks are totally avoidable – and at a fraction of the cost of the fallout from dealing with the consequences.”
As many have said, these kinds of hacks are happening a lot more than they should. The real scary part is, how many are going unreported?
There are a lot of resources going into Internet security, better technology, and security precautions in the network, but I see little in terms of training on the bottom tier of employees, the ones that operate the POS. This is a much harder problem as they are often times seasonal and transient.