There’s never a good time for a data breach. But for Jewel-Osco, it couldn’t have come at a worse time.
The Chicago-area grocery chain, now back in the Albertsons fold after being offloaded by Supervalu, has long enjoyed market-leading status. But when Safeway pulled up stakes by folding Dominick’s late last year, the Chicago grocery market entered a new phase of transformation. Dozens of former Dominick’s locations went up for grabs, snapped up by popular newcomer Mariano’s, Whole Foods and a variety of independent operators, as well as Jewel.
Meanwhile, Jewel took the opportunity of the Dominick’s departure to re-establish itself as Chicago’s original hometown grocer, refreshing and remodeling stores, boosting its product offerings and trumpeting its local roots in the face of upstart competitors.
The last thing you want while trying to cement your position at the top is to make people scared to shop at your stores.
Shared IT Services
But a data breach revealed to have struck stores owned and operated by Supervalu Inc. earlier this summer has also impacted Jewel-Osco, Acme, Shaw’s and Star Markets, banners that Supervalu sold to Albertsons parent AB Acquisition LLC last year.
The connection? Supervalu provides third-party IT services to Albertsons, which reports that credit and debit card data was compromised at all Jewel stores in Illinois, Indiana and Iowa, as well as Acme markets in Delaware, Maryland, New Jersey and Pennsylvania; Shaw’s and Star Markets in Maine, Massachusetts, Vermont, New Hampshire and Rhode Island; and Albertsons stores in Southern California, Idaho, Montana, North Dakota, Nevada, Oregon, Washington, Wyoming and Southern Utah. However, Albertsons stores in Arizona, Arkansas, Colorado, Florida, Louisiana, New Mexico and Texas, and two Super Saver Foods Stores in Northern Utah, do not appear to have been impacted, Albertsons reports.
Spokespersons for Albertsons and Supervalu did not respond Friday to messages seeking comment about the IT relationship between the two companies.
The retailers said unauthorized access may have started as early as June 22 and ended as late as July 17. “We know our customers are concerned about the security of their payment card data, and we work hard to protect it,” said Mark Bates, AB Acquisition’s SVP and CIO. “As soon as we were notified of the incident, we began working closely with Supervalu to determine what happened. It’s important to note that there is no evidence at this point that consumer data has been misused.”
AB Acquisition believes that the intrusion has been contained and is confident that its customers can safely use their credit and debit cards in its stores.
However, given all that was eventually revealed in the aftermath of the data breach at Target late last year, this new incident is yet further evidence of the struggles companies are facing to keep customer data safe and their confidence levels intact.
Save-A-Lot, Indies Not Impacted
For its part, Supervalu said that payment card numbers, expiration dates and cardholder names may have been stolen from transactions at the 180 stores it operates under its Cub Foods, Farm Fresh, Hornbacher’s, Shop ’n Save and Shoppers Food & Pharmacy banners, as well as 29 franchised Cub Foods stores and standalone liquor stores. The wholesale distributor also maintains that none of its corporate or licensed Save-A-Lot stores, or any of the independent grocery stores it supplies through its Independent Business network, other than those franchised Cub Foods locations, have been impacted.
“The safety of our customers’ personal information is a top priority for us,” said Supervalu President and CEO Sam Duncan. “The intrusion was identified by our internal team, it was quickly contained, and we have had no evidence of any misuse of any customer data. I regret any inconvenience that this may cause our customers but want to assure them that it is safe to shop in our stores.”
Supervalu officials also believe they have contained the breach and shoppers can safely use their credit and debit cards. An investigation supported by third-party data forensics experts is ongoing to understand the nature and scope of the incident. Further, both companies are cooperating with federal law enforcement in investigating the incident and have posted information on their consumer websites on how shoppers can check their credit reports.
Staying on top of the situation is going to be crucial for these grocers, as officials at Target learned all too well, as that retailer cleaned its executive house and spent millions to repair the damage done by its lapse in digital security.
Electronic payments are ubiquitous, and mobile technology’s role in retailing is approaching that point, making tech security an absolute necessity for grocers looking to inspire confidence with their shoppers.