Private data from payment cards used at four Historic Triangle Farm Fresh stores between June 22 and July 17 may have been stolen by computer hackers.
Farm Fresh’s parent company, Minnesota-based SuperValu, announced the potential thefts Thursday. Among the data potentially taken are cardholders’ names, account numbers, expiration dates and other numerical data, according to a SuperValu news release. The company has not yet determined if any thefts occurred, but made the announcement out of an “abundance of caution.”
Two of the Farm Fresh stores affected in the Historic Triangle are in James City County: in the Five Forks area on John Tyler Highway, and in Norge on Richmond Road. The other two are in York County, at the Merrimac Trail location in Upper York County and in Grafton on Route 17.
The data was potentially compromised by an intrusion into the network the company uses to process payment card transactions. When the intrusion was detected, SuperValu took immediate steps to secure the compromised portion of its network. That network is now secure, according to the release.
Third-party data forensics experts have been brought in to further study the nature and scope of the intrusion, and federal law enforcement officials have been notified. All of the major payment card brands have also been notified and are cooperating in the investigation, according to the release.
“The safety of our customers’ personal information is a top priority for us,” SuperValu President and CEO Sam Duncan said in the release. “The intrusion was identified by our internal team, it was quickly contained, and we have had no evidence of any misuse of any customer data. I regret any inconvenience that this may cause our customers but want to assure them that it is safe to shop in our stores.”
The release notes the scope of data and the store locations affected by the intrusion, as well as the time frame during which it occurred, could change as the investigation continues.
In response to the intrusion, SuperValu has announced it is offering customers whose payment cards may have been affected 12 months of complimentary consumer identity protection services through identity theft protection company AllClear ID. A call center is also running from 9 a.m. to 9 p.m. at 855-731-6018 to handle customer questions about the intrusion and the AllClear ID services.
Anyone who notices fraudulent activity on their payment card accounts should immediately contact his or her bank. Customers should closely monitor bank and credit card statements and credit reports for any potential fraudulent activity.
SuperValu supports 3,320 stores across the country, many of which are independently owned and operated. Brands under SuperValu include Farm Fresh, Cub Foods, Hornbacher’s, Shop ‘n Save and Shoppers.
Click here for a full list of stores affected by the intrusion.