retail news in context, analysis with attitude

The Wall Street Journal reports this morning that Supervalu is "investigating a potential data breach that might have affected more than 1,000 stores, according to people familiar with the situation, the latest attack against a big merchant in recent months.

"The breach appears to have taken place in late June or early July and may have resulted from hackers installing malicious software onto the company's point-of-sale network, these people said. That is the system that includes the cash register and terminals that handle credit card and debit card transactions."

Supervalu has not yet commented on the report, and has not yet informed customers of the possible breach, though it is not uncommon for retailers to keep their cards close to the vest until the extent of the breach has been established.

The Journal puts the potential breach into context:

"An attack on the company's point-of-sale system would be similar to other recent high-profile data breaches, most notably the massive hack that occurred at Target Corp. during the winter holiday-shopping season. In the incident, thieves stole 40 million payment-card numbers and the personal information of 70 million shoppers.

"Since then, hackers also have taken aim at a number of merchants, including luxury retailer Neiman Marcus Group, restaurant chain P.F. Chang's China Bistro Inc., and Goodwill Industries International Inc. thrift stores.

"Any new data breach is likely to stoke the growing concerns about security among merchants, consumers and card-issuing banks. Although shoppers usually aren't liable for purchases they didn't make, the incidents create headaches among consumers who need to file paperwork attesting that they didn't make the purchases."
KC's View:
Without knowing all the details, it is hard to comment … we're going to see an increasing number of these stories, I'm sure. I was talking to a knowledgeable tech guy the other day who told me that it is almost impossible to keep up, especially because the bad guys in such cases often can be supported by rogue states that have tons of money to throw at the creation of breaching technologies.

I do think that retailers are going to have to balance the need for discretion as law enforcement conducts investigations and the need for transparency to their customers.