Thales Blog

Trend #2 - Retail Data Breaches … And Then There Was Supervalu

August 21, 2014

The results of SC Magazine's seventh annual survey, "Guarding against a data breach," suggest that negative impact to a company’s reputation compels companies to improve their security against a data breach. And yet the unfortunate trend of high-profile breaches continues as the list of retailers and food chains with breached data continues to climb, including: Target, Domino's, Morrisons, Neiman Marcus, P.F. Chang's, and now Supervalu.

In a statement last week, Supervalu disclosed the company’s data breach, and stated that hackers accessed a network that processes Supervalu transactions that include account numbers, expiration dates, cardholder names and other information.

The data breach occurred between June 22 and July 17 at Supervalu umbrella stores across the US, and at stores for which Supervalu provides IT services. The total is over 1000 across the US. Store brands affected include: Hornbacher's, Shop 'n Save, Cub Foods, Farm Fresh, Shoppers, Osco, Shaw's and Star Markets, as well as Albertsons supermarkets in Idaho, Montana, North Dakota, California, Washington, Wyoming, Nevada, Oregon, and Utah.

The sad part of this story is that this type of data breach is completely avoidable. These breaches continue to demonstrate why data security should be top of mind for every organization today. Companies clearly have to assume that they are already breached, and begin looking at policies, access controls and technology that prevent attackers from infiltrating regulated or sensitive data, from both inside and outside the network.

In last year’s Insider Threat Report, only 27% of respondents block privileged user access, and only 24% detect anomalous data access in real time. Clearly, only a minority of businesses seem to implement best-practice data-centric controls. Although IT decision-makers and business executives are concerned about data breaches and insider threats, they still tend to rely on perimeter and network security focused tools today, or underinvest completely, rather than securing data at the source.