SuperValu announced Monday that it has been hit by a second attack on its payment processing systems.
The supermarket operator, which provides technology to thousands of grocery stores, is one of the country’s largest operators, with annual sales of $17 billion.
The most recent attack involved malware installed on the part of SuperValu’s computer network that processes card payments. Shop ‘n Save, Shoppers Food & Pharmacy and Cub Foods are said to be some of the stores affected.
Although SuperValu hasn’t found any evidence that cardholder data was stolen, this second breach in a matter of months no doubt comes as a further embarrassment to the company.
SuperValu was first hit by a cyber attack in June after a network intrusion was discovered that may have resulted in criminals accessing customer data from its point-of-sale systems.
Securing an organization’s systems from a cyber attack is a critical business issue, yet many managers and CEOs see it as prohibitively complex and unwelcomely expensive. Take for example Home Depot; in a recent interview with ex-employees about the breach that exposed 56 million credit and debit cards, employees said that ‘over the years, when they sought new software and training, managers came back with the same response: “We sell hammers.”’
This backward-thinking approach to information security management can be immensely damaging to a company and can not only affect an organization’s reputation, but can ruin customer and stakeholder trust, damage share prices and injure the longevity of the business itself.
IT Governance’s PCI Qualified Security Assessors (PCI QSAs) work with retailers all the time so we recognize the competing pressures of managing the retail sales business and ensuring payment card security.
Organizations should remember, however, that neglecting security is a sure-fire way of reducing the amount of retail sales business they need to manage. SuperValu’s sales were $17.16 billion last year. We wonder what their figures will look like at the end of 2014…