What's in store after Supervalu breach?

The latest retail security breach–hitting grocery retailer and wholesaler Supervalu (NYSE:SVU) for the second time this year–targeted its point-of-sale (POS) systems. However, security experts warn that retailers need to be prepared for other types of attacks.

Minneapolis-based retailer Supervalu said earlier this week that an intruder installed malware into the portion of its computer network that processes payment-card transactions for Shop 'n Save, Shoppers Food & Pharmacy, and corporate-owned and franchised Cub Foods stores. Also affected were Albertsons stores in several states, along with certain Acme, Jewel-Osco, Shaw's and Star Markets stores.

The latest intrusion did not succeed in capturing data from any payment cards used at any stores, according to Supervalu, other than possibly at four franchised Cub Foods stores in Hastings, Roseville, Shakopee and White Bear Lake, Minnesota, where implementation of new technology had not yet been completed.

"We've taken measures to install enhanced protective technology that we believe significantly limited the ability of this malware to capture payment-card data, and we will continue to make these investments going forward," said Sam Duncan, Supervalu president and CEO in a statement.

However, despite Supervalu's efforts to beef up its security, the grocery chain–and all other U.S. retailers–needs to shore up its security efforts. "Security is something that you build over time, like a healthy lifestyle. You can't wait until you get breached and then try to quit all those bad practices cold-turkey," Jeff Williams, CTO of security technology firm Contrast Security, told FierceRetailIT.

While the main target by hackers over the past year has been retailers' POS systems, Williams warned that retailers should be prepared for anything, since criminals may switch to other types of attacks.

"Attackers are adept at finding the weakest link in your defenses," Williams said. "The only way forward is to start your security wellness program now, and start changing the corporate culture of rapid deployment of insecure software to one of rapid deployment of trustworthy code."

For more:
-See this CBSNews article
-See this Supermarket News article
-See this Wall Street Journal article

Related stories:
Supervalu reports data breach
Backoff malware widespread, PCI Council issues call to action
Retailers still unprepared for security breaches
Home Depot breach affects 56M debit, credit cards
Target breach cost $148 million; tech hub opens in Silicon Valley