Supervalu: Linked to Other Breaches?

Security Experts See Common Threads in Retail Attacks

As details about the payments breach that struck select supermarkets owned by Supervalu and Albertsons continue to unfold, security experts say it's likely this latest attack is linked to other recent merchant breaches (see Supermarket Chain Reveals New Breach).

While it could take several weeks to months for the chains to reveal definitive details from their forensics investigations, experts say memory-scraping vulnerabilities within the chains' point-of-sale devices and software are likely to blame.

"From my perspective, what is clear with this recent data breach and all the big-box retailers being breached recently is that there does appear to be underground hackers - a gang, organized crime, loose group of hackers - that have been targeting these organizations," says Jon Clay, senior manager of threat research at security firm Trend Micro.

Until retail POS systems protect and encrypt data in memory, they will be susceptible to these types of attacks, experts agree.

"This has caused a slew of data breaches at big-box retailers of late and also caused major risks for consumers who are starting to feel distrust in using their credit cards and debit cards to purchase goods at these stores," Clay says.

Latest in a Series of Breaches

Since late 2013, a number of retail breaches have received national, and in some cases international, attention. The POS breaches that impacted the likes of Target Corp., Neiman Marcus, Sally Beauty and Michaels were just the beginning, as the industry has learned over the last eight to nine months. Most recently, the POS breach at P.F. Chang's China Bistro and the suspected breach at Goodwill Industries have garnered increasing industry attention, because both are suspected to have been linked to remote-access compromises, which are on the rise (see POS Vendor: Possible Restaurant Breach).

Financial fraud expert and distinguished Gartner analyst Avivah Litan says Supervalu and Albertsons are just two among numerous U.S. retailers that have probably already been breached.

"It's apparent and evident to me that the hackers have compromised various retail point-of-sale vendor software in a big way, and the public is just hearing about this in dribs and drabs," she says. "At some point, hopefully, law enforcement will uncover the ring(s) behind this and put an end to it. Until then, payer beware. I think we have to assume a big portion of POS systems in this country are compromised, or will be in short order."

Details about Supervalu Attack

On Aug. 14, Supervalu said that its network was likely breached on June 22 and that the intrusion continued until July 17. So far, the company has identified 180 Supervalu stores and standalone liquor stores that may have been compromised.

The impacted store brands include Cub Foods, Farm Fresh, Hornbacher's, Shop 'n Save, and Shoppers Food & Pharmacy.

Albertsons locations also may have been impacted by the breach, Supervalu says. Supervalu, which in January 2013 sold 877 of its stores to Albertsons' parent AB Acquisition LLC, continues to serve as a third-party IT services provider for those stores.

The possibly impacted brands include Albertsons, Acme Markets, Jewel-Osco, Shaw's and Star Markets, the company says.