U.S. supermarket chain Supervalu investigating potential data breach

(Reuters) - Supervalu Inc said it is investigating a potential data breach that could have affected some of its retail food stores, including some of its associated stand-alone liquor stores.

Supervalu said the intrusion may have resulted in the theft of account numbers and other numerical information from payment cards used at some point-of-sale systems at the company's owned and franchised stores.

The data breach appears to have taken place during the period of June 22 through July 17, said the retailer.

"The intrusion was identified by our internal team, it was quickly contained, and we have had no evidence of any misuse of any customer data," Supervalu CEO, Sam Duncan, said in a statement early on Friday.

Supervalu, which had 3,763 outlets as of April, said customers can safely use their credit and debit cards in its stores.

The company also said it has notified federal law enforcement authorities and is cooperating in their efforts to investigate this intrusion. It has also notified the major payment card brands.

Companies in the United States, particularly retailers, have been targeted by hackers for customer data on payment cards.

U.S. retailer Target Corp is struggling to win back customers after it suffered a huge data breach last year that resulted in the theft of 40 million payment card numbers and 70 million other pieces of customer data such as email addresses and phone numbers.

Michaels Stores Inc, the biggest U.S. arts and crafts retailer, said in May it also suffered a security breach that may have affected about 2.6 million payment cards.

Reuters reported in January that smaller breaches on at least three other well-known retailers in the country took place and were conducted using similar techniques as the one on Target.

Retailers are often reluctant to report breaches out of concern it could hurt their businesses. Target only acknowledged its 2013 attack after security blogger Brian Krebs reported the breach, prompting inquiries from journalists and investors.

Most states have laws that require companies to contact customers when certain personal information is compromised. In many cases the task of notification falls on the credit card issuer.

Merchants are required to report breaches of personal information including social security numbers.

(Reporting by Supriya Kurane and Ramkumar Iyer in Bangalore; Editing by Lisa Shumaker and Ken Wills)

source: 
Reuters