Supermarket chains Albertsons and Supervalu say their computer networks were hacked in recent months, a cybersecurity breach that potentially exposes the credit and debit card information of customers across the country.
Meanwhile, an operator of hospitals nationwide said cyber crooks accessed the Social Security numbers and addresses of millions of patients.
The grocery chains said the intrusion apparently took place between June 22 and July 17, 2014, and involved the hacking of computer systems that process debit and credit card transactions. As of mid-August, Supervalu Inc. and AB Acquisition LLC, the parent company of Albertsons, said they had uncovered no evidence that payment card information was stolen or misused.
Neither company gave an estimate as to how many customers might have been affected.
“We understand the inconvenience and concern an incident like this can cause, and we deeply regret that our customers’ data was targeted,” Albertsons’ Chief Operating Officer Bob Butler said in an Aug. 15 statement posted on the company’s website.
The breaches are related in that Supervalu has been providing IT services to the affected Albertsons and Albertsons-owned stores. Both companies said they believe any security holes have been secured and that customers may safely use their cards at the affected stores.
Minnesota-based Supervalu said the intrusion affected 180 stores and stand-alone liquor stores operating under the names Farm Fresh, Shop ’n Save, Cub Foods, Hornbacher’s, and Shoppers Food & Pharmacy. The security breach affected stores in Minnesota, North Carolina, North Dakota, Illinois, Virginia, Missouri and Maryland.
Supervalu has about 35,000 employees, a network of more than 3,300 stores in the United States and annual sales of $17 billion, according to the company’s website.
Albertsons, based in Idaho, reported that the intrusion affected 836 stores across the country. Nearly 400 of those were Albertsons in southern California, Idaho, Montana, North Dakota, Nevada, Oregon, Washington, Wyoming and Utah. Albertsons-owned ACME Markets, Jewel-Osco, Shaw’s and Star Markets accounted for the remainder.
AB Acquisition has more than 1,000 stores and distribution centers, and 115,000 employees, according to its website.
The intrusion into the grocers’ computer networks joins a fast-growing string of cyber attacks against national corporations. Just days after Albertsons and Supervalu announced they had been hacked, hospital operator Community Health Systems Inc. said China-based cyber criminals stole data relating to 4.5 million patients. The illegally accessed information included patients’ Social Security and phone numbers, addresses and birthdays but not medical or credit card details, the company said in an Aug. 18 filing with the U.S. Securities and Exchange Commission.
The Tennessee-based healthcare company believes the breach occurred in April and June 2014 and said it has eradicated the malware and taken steps “to protect against future intrusions of this type.”
In December 2013, Target announced that its networks had been hacked and that information relating to 70 million customers had been stolen. An additional 40 million payment card numbers were also compromised, Target said. Neiman Marcus and Michaels stores also announced breaches that resulted in the potential theft of millions of payment card numbers.
In August 2014, Milwaukee-based Hold Security announced that it had discovered a cache of 1 billion email account credentials amassed by a Russian cyber gang. The data was stolen from 420,000 web and FTP sites, according to the company.
A May 2014 report by CNNMoney estimated that the personal information of 47% of American adults had been exposed in the preceding 12 months, with as many as 432 million accounts hacked in that time.