Grocer Supervalu discloses another breach

Grocery retailer Supervalu said it is investigating another breach of its payment card processing network—about six weeks after an August announcement that it discovered malware on payment processing systems at some supermarket and liquor stores franchises.

As it still investigates the first breach, the Eden Prairie, Minn.-based company, one of the largest grocery wholesalers and retailers in the US, said more malware was installed on point-of-sale machines at some owned and franchised Shop ‘n Save, Shoppers Food & Pharmacy and Cub Foods stores.

However, it looks like the malware exposed cards used in checkout lanes only at four Cub Foods locations in Minnesota.

“The company believes this was a separate intrusion from the one announced on August 14,” Supervalu said in a statement. “Upon recognition of this intrusion, the company took immediate steps to secure the affected part of its network and believes it has eradicated the malware.”

In August Supervalu said an indeterminate amount of payment card information was exposed to a hacker from June 22 to July 17, but the company said it has found no evidence any cardholder data was stolen.

Again for the recent breach, which lasted from August 27 to September 21, Supervalu said it “made no determination that any cardholder data was in fact stolen by the intruder.”

The grocer said it has notified federal authorities and notified major payment card brands.

“Given the continuing nature of the investigation, it is possible that time frames, locations, at-risk data and/or other facts in addition to those described will be identified in the future,” Supervalu said.