eLearnSecurity Blog

Supervalu Security Breach: Customer Credit Card Info Compromised

One of the biggest grocery chains in the US, Supervalu, has become the victim of a recent credit card hack. A portion of the company’s computer network was exposed, leaving sensitive credit and debit card information at risk. As announced by the company, data from card transactions made between June 22 and July 17 may have been stolen, affecting over 180 Supervalu markets and liquor shops across the country.

Upon discovering the intrusion, Supervalu took immediate steps to secure the affected areas of its network. The investigation is ongoing to determine the scope of the attack.

“Many common network attacks are carried out by attacking the human factor via Social Engineering and Phishing or by exploiting 0-day vulnerabilities,” said Davide Girardi, IT Security Researcher. “But there are also cases where attackers use a mixture of techniques, combining attacks in a chain that will help them to get access to one system after another.”

Other Company Breaches

Supervalu Breach photo by Ariana Lindquist/Bloomberg

Supervalu is NOT the only victim of hackers; other high-profile data breaches have occurred in recent months, including retailer Target, restaurant chain P.F. Chang’s, and hospital network Community Health Systems.

These cyber-attacks are on the rise, and so are the costs of mitigating these incidents.

Target has reported costs of approximately 236 million USD to repair the damage from its breach, which happened over a year ago. On top of the financial costs, reputational damage and bad press are among the major consequences of a security breach.

Businesses need to find ways to strengthen their security posture or else face the consequences that come with each attack.

Prevention Methods

There is no such thing as being 100-percent secure, but denying hackers the “low-hanging fruit” that leads to your data is important. Companies can still reduce the likelihood of these cyberattacks by creating security awareness programs for their employees, training IT staff in different aspects of security, and conducting penetration tests as part of the development cycle.

  • Employees who are aware of network threats behave more responsibly and help reduce the risks caused by human factors.
  • Good developers and systems administrators develop and deploy IT projects with security in mind, reducing the possibility of a breach and containing the compromised systems during an incident.
  • Finally, a penetration test can identify overlooked vulnerabilities. Whether you conduct the pentest internally or externally, you can strengthen the security of your IT set-up.

How Often Should You Run a Penetration Test?

Penetration tests should be done regularly, but the frequency depends on the company and how dynamic its IT infrastructure is. “A good practice is to do an internal pentest every time a new system or software goes into production and to schedule regular external full-scope penetration tests,” Davide Girardi adds. “In my experience, performing internal pentests during development is really good. Companies should implement a ‘unit pentest’ while training people about security.”

Disclosing Cyber Attacks to the Public

Companies are usually given time to close the breach and assess which systems and data are compromised before informing the public. A proper investigation is required to establish the facts of the attack accurately. With the number of big companies attacked this year alone, businesses and organizations should invest in toughening their IT security. Doing so will help prevent hackers from entering your network and compromising your customers’ information.

Davide “Gira” Girardi is a security researcher and instructor. He has more than 8 years of experience in system hardening and security consultancy on Linux, Windows, OS X and mixed environments.

LinkedIn: https://www.linkedin.com/pub/davide-girardi/76/652/744
