Data expert: 'Millions' could have had info compromised by Supervalu breach


While Eden Prairie-based Supervalu has not yet addressed how many of its grocery customers were affected by its recently reported data breach, one security expert told the Business Journal that the number of credit card accounts involved could be "in the millions."

"It's pretty widespread and it was almost a full month of card usage. Millions of card numbers were probably stolen," said Evan Francen, president of the information security management company FRSecure in Waconia. "It's disappointing that they haven't been more forthcoming. No one really knows what's going on."

In a statement last week, Supervalu disclosed the breach. The grocery retailer and wholesaler said hackers infiltrated its network and accessed customer credit card information from June 22 through July 17. The breach hit 209 Supervalu stores including 59 Cub Foods stores in Minnesota.

A report in Tuesday's InfoSecurity magazine called the Supervalu breach "completely avoidable." The story said that retailers must adapt to block hackers who have exploited their security weaknesses to gain access to customer information. InfoSecurity interviewed a number of security experts who concluded that "...not making changes to account for this, given the ongoing tsunami of headlines about such breaches, is equivalent to pure negligence."

Philip Lieberman, president of Lieberman Software, told InfoSecurity that top executives at companies must take the data security issue seriously, or expect to be held accountable for the problems that result. He called for the firing of the top executive at Supervalu.

“This is another example of an incompetent retail CEO incapable of providing leadership and process to secure their organization,” he said via email. “Just as the CEO must manage his staff and assets, the CEO is responsible for protecting the security of his network and his customers. As in the Target case, the board should fire both the CEO and the senior IT management that allowed this to occur for gross negligence.”

FOX Business reports that Community Health Systems said on Monday that the personal information of nearly 4.5 million patients was stolen by hackers. In a filing with the Securities and Exchange Commission, the company, which operates 206 hospitals in 29 states, blamed hackers from China for installing “sophisticated malware” to attack the company’s security systems and copy and transfer hospital data.

The massive breach at Target last December is said to have cost the discounter $236 million so far.
