Data expert: 'Millions' could have had info compromised by Supervalu breach


While Eden Prairie-based Supervlau has not yet addressed how many of its grocery customers were affected by its recently-reported data breach, one security expert told the Business Journal that the number of credit card accounts involved could be "in the millions."

"It's pretty widespread and it was almost a full month of card usage. Millions of card numbers were probably stolen," said Evan Francen, president of the information security management company FRSecure in Waconia. "It's disappointing that they haven't been more forthcoming. No one really knows what's going on."

In a statement last week, Supervalu disclosed the breach. The grocery retailer and wholesaler said hackers infiltrated its network and accessed customer credit card information from June 22 through July 17. The breach hit 209 Supervalu stores including 59 Cub Foods stores in Minnesota.

A report in Tuesday's InfoSecurity magazine called the Supervalu breach "completely avoidable." The story said that retailers must adapt to block hackers who have exploited their security weaknesses to gain access to customer information. InfoSecurity interviewed a number of security experts who concluded that "...not making changes to account for this, given the ongoing tsunami of headlines about such breaches, is equivalent to pure negligence."

Philip Lieberman, president of Lieberman Software, told InfoSecurity that top executives at companies must take the data security issue seriously, or expect to be held accountable for the problems that result. He called for the firing of the top executive at Supervalu.

“This is another example of an incompetent retail CEO incapable of providing leadership and process to secure their organization,” he said via email. “Just as the CEO must manage his staff and assets, the CEO is responsible for protecting the security of his network and his customers. As in the Target case, the board should fire both the CEO and the senior IT management that allowed this to occur for gross negligence."

FOX Business reports that Community Health Systems said on Monday that the personal information of nearly 4.5 million patients was stolen by hackers. In a filing with the Security and Exchange Commission, the company, which operates 206 hospitals in 29 states, blamed hackers from China for installing “sophisticated malware” to attack the company’s security systems and copy and transfer hospital data.

The massive breach at Target last December is said to have cost the discounter $236 million so far.

Next Up

overturned semi truck

Winter storm creates whiteout conditions, closing roads and causing crashes

Roads in southwestern Minnesota were closed early Friday, while slippery conditions elsewhere in the state led to crashes and spinouts.


Hennepin Theatre Trust announces 2021-22 Broadway schedule

Health and safety protocols will be in place based on state guidance.

Tim Walz

Walz to hold press conference on MN State Capitol safety concerns

This comes amid ongoing threats to state Capitols across the country.

Screen Shot 2020-08-14 at 6.45.53 PM

Brooklyn Park standoff: Suspect kills himself, child taken hostage is safe

The standoff ended Thursday night when the suspect shot himself.

police tape, crime scene

Man dies in alley after report of shooting in Minneapolis

Police were sent to the scene by ShotSpotter activation.


COVID-19 shines a light on the struggles facing Minnesota's working mothers

Daycare and school closures have put working families under pressure, with mothers bearing the brunt.

Prada Purse2

Border patrol in Minneapolis intercepts shipment of 173 counterfeit designer bags

If they were authentic, they would have been worth about $405,975.

Minneapolis City Hall

Minneapolis councilors propose replacing police department, rent stabilization

Council members are also proposing two charter amendments to help renters in Minneapolis.

Vaccine COVID

MDH expands COVID guidance, urges providers to vaccinate the 65+

More vaccine guidance will be provided in the coming days.