    Payment Card Breach Hits Supervalu Retail Chain

    By Sean Michael Kerner - August 15, 2014

      American consumers are being alerted to yet another large consumer data breach, this time at grocery supermarket chain Supervalu.

      In a public statement, Supervalu confirmed that there was a payment card breach and consumer information may have been stolen from 180 Supervalu-affiliated stores across the United States. Supervalu has posted a full list of the affected stores, a large number of which are in Minnesota, Virginia, Illinois, Missouri and Maryland.

      According to the company, attackers may have stolen customer payment card account holder names, numbers and expiration data. Supervalu is now offering complimentary consumer identity protection to impacted customers for the next 12 months.

      “The safety of our customers’ personal information is a top priority for us,” Sam Duncan, Supervalu president and CEO, said in a statement. “The intrusion was identified by our internal team, it was quickly contained and we have had no evidence of any misuse of any customer data.”

      Supervalu is not providing any specifics at this time on how the breach occurred. In the last year, multiple point-of-sale (POS) system breaches and exploits have been reported. Target publicly revealed it was breached on Dec. 9, 2013, in an attack that now carries a price tag of approximately $148 million. Restaurant chain P.F. Chang’s revealed on June 12 that it, too, is a victim of a POS attack.

      At the beginning of August, the U.S. Secret Service warned about Backoff POS malware that targets retailers’ systems. According to security vendor Trustwave, some 600 businesses have been impacted by Backoff.

      Security experts eWEEK spoke with were not surprised by the new Supervalu breach and expect more to come in the months ahead.

      “We are going to see more retail breaches,” Eric Cowperthwaite, vice president of advanced security and strategy at Core Security, said. “The bad guys have clearly improved their capability with regard to point-of-sale systems and payment card data breaches.”

      Cowperthwaite added that what were once accepted as solid standard practices in retail payment card security are now out of date. He noted that restaurant, hospitality, health care and retail organizations are especially dependent on payment card systems. If attackers can breach the retail industry, then restaurants, hotel chains and hospital systems are exposed to just as much risk, Cowperthwaite said.

      John Prisco, president and CEO at Triumfant, also isn’t surprised and isn’t optimistic about retail security. “No one should be surprised about retail breaches,” Prisco said. “Retailers do not invest enough in cyber-security, and why should they? Consumers keep shopping at their stores.”

      What is known about the mechanics of the Supervalu breach indicates that it is similar in many respects to other recent breaches.

      Lucas Zaichkowsky, enterprise defense architect at AccessData, commented that Supervalu’s public statement indicates that criminals accessed the portion of their network that processes payment card transactions for multiple store locations. “That’s the usual modus operandi of highly skilled and experienced criminal hackers,” Zaichkowsky said. “By stealing administrator passwords and blending in as a legitimate system administrator, they’re able to maneuver from the business network to the segmented and better secured corporate card data environment.”

      Zaichkowsky added that the attackers’ ultimate goal is to reach the corporate location that acts as a relay hub for transaction data coming from multiple stores, enabling them to steal all the payment card data at a single point.

      Finding a solution to POS data breaches is challenging, but there are a number of options. Some suggest that chip-and-PIN credit cards, also known as EMV technology, can reduce the risk.

      “Incorporating chip-and-pin technology into POS systems is one of the strongest measures that retailers can take to protect their customers,” Hord Tipton, executive director at ISC2, said. “Unfortunately, without mass adoption, retailers will continue to deal with the fallout associated with losing valuable customer information, further weakening public trust in performing credit and debit card transactions with confidence.”

      EMV technology, however, is not necessarily a silver bullet for POS security. At the recent Black Hat USA security conference, multiple researchers detailed vulnerabilities and risks with EMV card systems.

      AccessData’s Zaichkowsky noted that he and several other payment security specialists recommended that merchants deploy card readers that perform full encryption, using a reader supported by their payment processor, which acts as the decryption point.

      “The card reader should support encrypting the traditional magnetic stripe, EMV chips and manually keyed-in card numbers,” Zaichkowsky said. “With point-to-point encryption implemented from the card reader to the payment processor, the merchant POS systems never handle payment data in the clear.”

      Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.
