
Supervalu Becomes Another Hacking Victim

Soulskill posted about 4 months ago | from the another-day-another-breach dept.

Security 27

plover sends this news about another possible exposure of customer data: Supervalu is the latest retailer to experience a data breach, announcing today that cybercriminals had accessed payment card transactions at some of its stores. The Minneapolis-based company said it had "experienced a criminal intrusion" into the portion of its computer network that processes payment card transactions for some of its stores. There was no confirmation that any cardholder data was in fact stolen and no evidence the data was misused, according to the company. The event occurred between June 22 and July 17, 2014 at 180 Supervalu stores and stand-alone liquor stores. Affected banners include Cub Foods, Farm Fresh, Hornbacher's, Shop 'n Save and Shoppers Food & Pharmacy.


Albertsons too (1)

Anonymous Coward | about 4 months ago | (#47681511)

Albertsons too

http://www.chicagotribune.com/business/breaking/chi-report-jewel-osco-hacked-20140815-story.html

Re:Albertsons too (-1)

Anonymous Coward | about 4 months ago | (#47681667)

I live in Alaska. I am homeless. The biggest problem if you are homeless in Alaska is not being hacked, it's defecating. Wild bears are everywhere. Dunno HOW many times I've been dumping my ass in the woods, and alla sudden, you hear a noise, and it's a Wild Bear right next to you with the same idea. It can be unsettling to say the least. Once, I was crapping in a forest, reading the paper, and a Wild Bear came right up beside me, crouched down real low, and appeared to be looking at my paper, like he was tryna read it. I didn't even wipe. Got up real slow, left him my paper, and he seemed cool with that. Got that idea from an old book I found in the bathroom of a truck stop. Saved my bacon, I'll tell you that.

No Surpris (2)

TechyImmigrant (175943) | about 4 months ago | (#47681549)

They can't even spell their own name.

Why do they have this data in the first place? (0)

Anonymous Coward | about 4 months ago | (#47681573)

Aren't you supposed to delete this stuff as soon as you transmit it and receive payment confirmation?

Re:Why do they have this data in the first place? (3, Informative)

plover (150551) | about 4 months ago | (#47682049)

There are typically two phases to processing credit. In the first phase, called authorization, the terminal sends the request to the bank via their processor and requests authorization: hey, bank, will you approve $100? The bank sends back a 'yes' which is returned to the terminal, but no money changes hands at this time. The processor saves up the day's batch of authorization requests.

In the second phase, called settlement, the processor sends the batch to the bank, either later that night, or every few hours, or whenever. The bank then transfers the funds for every authorized transaction in the batch.

This is different from debit, where the funds are transferred in a single step.

Re:Why do they have this data in the first place? (1)

wkk2 (808881) | about 4 months ago | (#47685141)

Do chip and pin cards even work in the US? I've tried at Home Depot, Staples, Walmart, USPS, and even a small haircut place and the cards don't work. One place even yelled at me for trying to use the chip slot.

Re:Why do they have this data in the first place? (1)

plover (150551) | about 4 months ago | (#47686655)

Chip and PIN cards don't work at most U.S. retailers today, but as of October 2015 the Payment Card Industry has scheduled a change to the contracts in what is being called the "liability shift". It means that whoever has the least security in the payment chain will be held liable for non-payment or fraud for the charges incurred. So if Home Depot doesn't accept a chip card, and your bank's card has a chip on it, then Home Depot will be liable because their system is the least secure. Or if Home Depot's systems are able to accept the chip cards, but your bank's card doesn't have a chip, then your bank will be liable. This penalty is a huge financial incentive for both retailers and banks to upgrade the security of their systems to fully support Chip and PIN by that date so they don't get left holding the bag.

Once Chip and PIN systems are deployed to most places, they will begin requiring the removal of mag stripes. That's when the final pieces of security will kick in, and account number theft will be essentially eliminated.

Re:Why do they have this data in the first place? (0)

Anonymous Coward | about 4 months ago | (#47683069)

> Aren't you supposed to delete this stuff as soon as you transmit it and receive payment confirmation?

One of the common "modern" hacks is to capture the data in transit. Like infecting the card-swipe machine to scrape the data out of RAM. So even when it isn't "stored" anywhere permanently the hackers still get copies. That was one of the techniques used against Target. [spideroak.com]

In other news (4, Funny)

TechyImmigrant (175943) | about 4 months ago | (#47681575)

SuperValu are the the only ones. Targe, WallMar and Whole Food were also hacked.

Re:In other news (0)

Anonymous Coward | about 4 months ago | (#47681605)

l2english noob.

Re:In other news (1)

TechyImmigrant (175943) | about 4 months ago | (#47681807)

Oh noes

Re:In other news (1)

uCallHimDrJ0NES (2546640) | about 4 months ago | (#47681823)

That's not how you spell Hole Foods.

Re:In other news (1)

Loopy (41728) | about 4 months ago | (#47682165)

If I had them, all my mod points are belong to you.

Hannaford (0)

Anonymous Coward | about 4 months ago | (#47681587)

For those of you on the east coast, this is also the parent company of Hannaford.

Between June 22 and July 17? (0)

Anonymous Coward | about 4 months ago | (#47681597)

So it went on for a month before anyone noticed?

Fun fact (0)

Anonymous Coward | about 4 months ago | (#47681635)

Supervalu means incredible pain in Estonian.

I protest (1)

Mister Liberty (769145) | about 4 months ago | (#47681821)

To the misuse of the word 'hacking'.

vegetable section: IT offices (1)

swschrad (312009) | about 4 months ago | (#47682027)

fact is, it's a pretty soft underbelly, this electronic commerce thing. it's the system that's rotten, and the top bananas are way green in this stuff. going to be a lot of meat robots canned before electronic payments make the cut.

Bah (0)

Anonymous Coward | about 4 months ago | (#47682115)

True hackers wouldn't need to physically break in.

Exactly. (1)

WindBourne (631190) | about 4 months ago | (#47683213)

It is cheaper and faster to simply buy an insider.

First Target, now this? (1)

miller701 (525024) | about 4 months ago | (#47683107)

What's going on with picking on our nice Minnesota retailers? I guess Best Buy is next!

New Disease Discovered (0)

Anonymous Coward | about 4 months ago | (#47683147)

It has no known symptoms. Said to afflict only those in New Jersey.

What do all of these companies have in common? (1)

WindBourne (631190) | about 4 months ago | (#47683203)

1) They run Windows.
2) they have outsourced to India esp. the production.
3) nearly all of these companies do NOT operate in India, EXCEPT for hiring coders/admin.

You have systems admin that are paid less than $8,000 / year. If you are Russia or China, would you spend large sums of money to break into a store to get access to a production system, all while having your insider possibly getting caught, OR, would you spend just 50K, approach an admin that is doing work on production and all s?he has to do, is release a worm quietly on the production, that will NOT hurt other employees?
If we westerners, esp American MBAs, are dumb enough to outsource this work like this, we deserve what we are getting.

For those thinking that these are insider jobs (2)

WindBourne (631190) | about 4 months ago | (#47683225)

BTW, for those that think that these were companies that were cracked by ppl walking into the stores, here you go
www.chicagotribune.com/business/breaking/chi-report-jewel-osco-hacked-20140815-story.html

The list of retailers that have been hit by breaches just this year includes Recreational Equipment Inc., CVS/Caremark, Goodwill Industries International Inc., Ebay, Aaron Brothers, Sally Beauty Supply, Home Depot, Sears, Michaels Stores and Neiman Marcus.

And that does not include either Jewel Osco, Target, or Supervalu. In addition, all have been done in less than 9 months.
So, is this ppl running around the nation going into all of these companies? Nope. Possibly a backdoor was found on the network equipment. But, I suspect that they have simply bought some ppl in the nations that they have outsourced to.

Re:For those thinking that these are insider jobs (0)

Anonymous Coward | about 4 months ago | (#47686117)

Target was hacked via their HVAC system. [krebsonsecurity.com]

Re: For those thinking that these are insider jobs (0)

Anonymous Coward | about 4 months ago | (#47702841)

No, that was never proven. All that was known was that a key was missing. That does not mean that it was the point of entry.

Wow (0)

Anonymous Coward | about 4 months ago | (#47684489)

I haven't heard of a SuperValu (sometimes seen as a Dan's or a King's) since the Midwest. Sure as shit never thought it'd be high profile enough to hack (security through obscurity).
