Supervalu Becomes Another Hacking Victim

plover sends this news about another possible exposure of customer data: Supervalu is the latest retailer to experience a data breach, announcing today that cybercriminals had accessed payment card transactions at some of its stores. The Minneapolis-based company said it had "experienced a criminal intrusion" into the portion of its computer network that processes payment card transactions for some of its stores. There was no confirmation that any cardholder data was in fact stolen and no evidence the data was misused, according to the company. The event occurred between June 22 and July 17, 2014 at 180 Supervalu stores and stand-alone liquor stores. Affected banners include Cub Foods, Farm Fresh, Hornbacher's, Shop 'n Save and Shoppers Food & Pharmacy.

Albertsons too

[Anonymous Coward]

Albertsons too

http://www.chicagotribune.com/business/breaking/chi-report-jewel-osco-hacked-20140815-story.html

No Surpris

[TechyImmigrant]

They can't even spell their own name.

Re:Why do they have this data in the first place?

[plover]

There are typically two phases to processing credit. In the first phase, called authorization, the terminal sends the request to the bank via their processor and requests authorization: hey, bank, will you approve $100? The bank sends back a 'yes' which is returned to the terminal, but no money changes hands at this time. The processor saves up the day's batch of authorization requests.

In the second phase, called settlement, the processor sends the batch to the bank, either later that night, or every few hours, or whenever. The bank then transfers the funds for every authorized transaction in the batch.

This is different from debit, where the funds are transferred in a single step.

Re:

[wkk2]

Do chip and pin cards even work in the US? I've tried at Home Depot, Staples, Walmart, USPS, and even a small haircut place and the cards don't work. One place even yelled at me for trying to use the chip slot.

Re:

[plover]

Chip and PIN cards don't work at most U.S. retailers today, but as of October 2015 the Payment Card Industry has scheduled a change to the contracts to in what is being called the "liability shift". It means that whoever has the least security in the payment chain will be held liable for non-payment or fraud for the charges incurred. So if Home Depot doesn't accept a chip card, and your bank's card has a chip on it, then Home Depot will be liable because their system is the least secure. Or if Home Depot

In other news

[TechyImmigrant]

SuperValu are the the only ones. Targe, WallMar and Whole Food were also hacked.

Re:

[TechyImmigrant]

Oh noes

Re:

[uCallHimDrJ0NES]

That's not how you spell Hole Foods.

Re:

[Loopy]

If I had them, all my mod points are belong to you.

I protest

[Mister Liberty]

To the misuse of the word 'hacking'.

vegetable section: IT offices

[swschrad]

fact is, it's a pretty soft underbelly, this electronic commerce thing. it's the system that's rotten, and the top bananas are way green in this stuff. going to be a lot of meat robots canned before electronic payments make the cut.

Exactly.

[WindBourne]

It is cheaper and faster to simply buy an insider.

First Target, now this?

[miller701]

What's going on with picking' on our nice Minnesota retailers? I guess Best Buy is next!

What do all of these companies have in common?

[WindBourne]

1) They run Windows.
2) they have outsourced to India esp. the production.
3) nearly all of these companies do NOT operate in India, EXCEPT for hiring coders/admin.

You have systems admin that are paid less than $8,000 / year. If you are Russia or China, would you spend large sums of money to break into a store to get access to a production system, all while having your insider possibly getting caught, OR, would you spend just 50K, approach an admin that is doing work on production and all s?he has to do,

For those thinking that these are insider jobs

[WindBourne]

BTW, for those that think that these were companies that were cracked by ppl walking into the stores, here you go
www.chicagotribune.com/business/breaking/chi-report-jewel-osco-hacked-20140815-story.html

The list of retailers that have been hit by breaches just this year includes Recreational Equipment Inc., CVS/Caremark, Goodwill Industries International Inc., Ebay, Aaron Brothers, Sally Beauty Supply, Home Depot, Sears, Michaels Stores and Neiman Marcus.

And that does not include either Jewel Osco, Target, or Supervalu. In addition, all have been done in less than 9 months.
So, is this ppl running around the nation going into all of these companies? Nope. Possibly a backdoor was found on the network equipment. But, I suspect that they have simply bought some ppl in the nations that they have outsourced to.