The parent company of Albertsons said Friday that hackers breached data security at the grocery chain, including Southern California stores, and attempted to steal debit and credit card information.
Boise, Idaho-based AB Acquisition LLC said more than 700 Albertsons stores nationwide are affected, including 180 in Southern California, along with 228 SuperValue stores, which are located outside the state. Albertsons stores in Idaho, Montana, North Dakota, Nevada, Oregon, Washington, Wyoming and Southern Utah were also impacted.
The company said it contained the breach and patched it, and didn’t believe any data had been stolen. But it doesn’t really know. It assured customers they could continue to use their cards, but an investigation is just getting underway. The breach, which was not explained in any detail, allegedly occurred as early as June 22 and continued until July 17 at the latest.
Jose Pagliari at CNN Money wrote that the company is unsure how many customers are affected and that SuperValue spokespeople didn’t seem as certain that there had been no lost data. If card information was obtained, he wrote, it probably included names, expiration dates and three-digit security codes.
News of the breach comes a week after P.F. Chang announced that a data breach in June affected customers at eight of its California restaurants and 24 elsewhere. The Scottsdale-based company said the “potentially stolen credit and debit card data includes the card number and in some cases also the cardholder's name and/or the card's expiration date.”
The company has not confirmed any specific illicit uses of the card information but suggested customers have fraud alerts placed on their credit files and encouraged them to “remain vigilant.”
The breaches at P.F. Chang and Albertsons are by no means unusual. Ponemon Institute researchers ran the numbers for CNN Money and found that 110 million Americans—about half the nation’s adults—were hacked in the past 12 months. The breaches involved 432 million accounts.
Unisys surveys indicate that 59% of Americans are seriously concerned about getting hacked, up from 52% in 2013. But the company’s U.S. Security Index, a broader measure of fear related to security issues, was only slightly higher than last year and considerably lower than previous years.
Unisys suggested that endless hacking reports were causing data breach fatigue and making Americans less vigilant about protecting their personal information. David Frymier, Unisys chief information security officer, essentially blamed customers for the high number of intrusions. Frymier told Samuel Greengard at Baseline:
“Despite highly publicized data breaches and hacker attacks, the majority of people have not been personally harmed by cyber-crimes because the losses are absorbed by businesses and financial institutions. This is bad news for businesses, because the average consumer has little incentive to avoid risky online behavior.”
And since Joe Consumer won’t get his act together, Frymier said, “Businesses and banks will have to decide at what point it becomes more cost-effective to improve their security than to bear the costs of cyber-crime.”
Consumer are probably hoping that occurs sooner than later.