A data breach at Supervalu Inc., one of the largest grocery wholesalers and retailers in the U.S., could affect thousands of people who shopped at the company’s stores between June 22 and July 17, including stores in New Hampshire.
Shaw’s and Star Market stores in Maine, Massachusetts, Vermont, New Hampshire were affected.
Shaw’s supermarkets currently operates 28 stores in New Hampshire. The stores affected by the breach also include 180 Supervalu stores operated under the Hornbacher’s Shop ‘n Save, Shoppers Food & Pharmacy, Farm Fresh and Cub Foods banners.
Credit and debit card data may also have been obtained from customers of Albertsons stores in nine states, including California, Idaho, Montana, Washington and Oregon. In addition, ACME market stores in Pennsylvania, Maryland, Delaware and New Jersey.
Customers of all Jewel-Osco stores operating in Illinois, Indiana and Iowa were also affected.
Supervalu Inc. said the data may have been stolen from cards used in Supervalu stores from June 22 to July 17 following a network intrusion, the Eden Prairie, Minn.-based company said in a statement. Payment companies have been notified and law-enforcement agencies are investigating, it said.
Supervalu joins a lengthening list of companies whose systems have been compromised. Minneapolis-based retailer Target Corp. was victim of a breach last year that allowed hackers to gain access to payment data for 40 million customers’ cards. Hackers in Russia have amassed 1.2 billion sets of looted user names and passwords, the largest known cache of stolen personal information, U.S. company Hold Security said this month.
Cybercrime costs as much as $575 billion a year and remains a growth industry with attacks on banks, retailers and energy companies that will worsen, according to a June report by the Washington-based Center for Strategic and International Studies and sponsored by network security company McAfee Inc.
“We have had no evidence of any misuse of any customer data,” Supervalu Chief Executive Officer Sam Duncan said in Friday’s statement. “I regret any inconvenience that this may cause our customers, but want to assure them that it is safe to shop in our stores.”
The company is offering consumers affected by the breach a year’s worth of free identity protection services.
In a separate statement, AB Acquisition, which owns and operates Albertson’s, ACME, Jewel-Osco, Shaw’s and Star Markets said it is working closely with Supervalu to find out what exactly happened and what data might have been stolen.
Mark Bates, senior vice president and CIO at AB Acquisition, reiterated that there is no evidence yet that the breached data has been misused. Like Supervalu, AB Acquisition will offer one year of free identity protection services for customers whose payment cards may have been affected.
Such breaches threaten to drive customers away and can also be dangerous for company executives.
Target’s board ousted CEO Gregg Steinhafel in the wake of the data theft last year. The retailer’s reputation and store visitor numbers were hurt after the attack became public in December, while its U.S. comparable-store sales fell 2.5 percent in the fourth quarter. Target said earlier this year that it would spend $100 million to accelerate the rollout of cards with better security technology.
Luxury retailer Neiman Marcus and LivingSocial, the daily coupon website based in Washington, were also hit by cyber-attacks in 2013.
While some of the highest-profile victims of hacking have been U.S. companies, the problem is global. Orange, France’s largest phone company, said in May that 1.3 million people had personal information stolen because of a breach in a technical platform, the second attack on the company this year.