IT Security Stories to Watch: Albertsons Data Breach, Ebola Malware

The AB Acquisition and Supervalu (SVU) data breaches, Ebola virus phishing campaign and launch of Robin Williams malware are three of the biggest IT security stories to watch this week.

Dan Kobialka, Contributing writer

August 18, 2014

4 Min Read
Hackers recently have targeted several US grocery store chains including Albertsons ACME Markets and Supervalu SVU
Hackers recently have targeted several U.S. grocery store chains, including Albertsons, ACME Markets and Supervalu (SVU).

This week’s IT security stories to watch looks at recent hacker attacks on several U.S. grocery store chains, including Albertsons, ACME Markets and Supervalu (SVU). Details about the cyber attacks against these supermarkets are still being released, but the news shows just how important IT security can be for managed service providers (MSPs) and other businesses. That and other security news below.

How did hackers attack these grocery stores? Find out in this week’s IT security stories to watch:

1. AB Acquisition confirms unauthorized access to credit and debit card data
AB Acquisition, which operates grocery store chains Albertsons, ACME Markets, Jewel-Osco, and Shaw’s and Star Market, last week said it found out about a cyber attack that was used to obtain credit and debit card payment information in some of its stores.

The company said the unauthorized access may have started on June 22 (at the earliest) and ended on July 17 (at the latest).

This data breach may have affected:

  • Albertsons stores in Southern California, Idaho, Montana, North Dakota, Nevada, Oregon, Washington, Wyoming and Southern Utah

  • ACME Markets in Pennsylvania, Maryland, Delaware and New Jersey

  • Jewel-Osco stores in Iowa, Illinois and Indiana

  • Shaw’s and Star Market stores in Maine, Massachusetts, Vermont, New Hampshire and Rhode Island

“We know our customers are concerned about the security of their payment card data, and we work hard to protect it,” AB Acquisition Chief Information Officer Mark Bates said in a prepared statement. “We understand the inconvenience and concern an incident like this can cause, and we deeply regret that our customers’ data was targeted.”

AB Acquisition has launched an investigation into the incident, but it has not yet determined if any cardholder data was stolen.

Supervalu also announced hackers have attacked its computer network that processes payment card transactions for several of its retail food stores, including some of its associated standalone liquor stores.

“The safety of our customers’ personal information is a top priority for us,” Supervalu CEO Sam Duncan said in a prepared statement. “The intrusion was identified by our internal team, it was quickly contained and we have had no evidence of any misuse of any customer data. I regret any inconvenience that this may cause our customers but want to assure them that it is safe to shop in our stores.”

2. Cybersecurity is a top concern for energy companies
Cybersecurity is becoming increasingly important for energy companies, yet the majority of these businesses are not prepared to deal with hackers.

A new Black & Veatch survey, titled “2014 Strategic Directions: U.S. Electric Industry,” showed cybersecurity was among the top five concerns for energy companies, according to U.S. News and World Report. However, researchers said 68 percent of electric utilities surveyed said they have not integrated security systems with the “proper segmentation, monitoring and redundancies” needed for cyber threat protection.

“The industry is paying attention and actively seeking ways to bolster security practices to limit power system vulnerability,” researchers wrote in their report. “We are seeing an industry that is actively moving forward with the deployment of comprehensive asset protection plans following several high-profile cyber and physical threat events.”

Sounds like a good potential vertical for MSPs.

3. Cyber criminals capitalize on Ebola virus outbreak
Symantec (SYMC) last week reported hackers are using a West African Ebola virus outbreak as bait in a phishing campaign.

The company noted there have been at least three Ebola virus malware campaigns to date and is advising people to look out for suspicious emails.

“Symantec advises all users to be on guard for unsolicited, unexpected or suspicious emails,” Symantec wrote in a blog post. “If you are not sure of the email’s legitimacy then don’t respond to it, and avoid clicking on links in the message or opening attachments.”

4. Hackers exploit Robin Williams in malware campaign
Cyber criminals exploited the death of Robin Williams last week, launching a malware campaign using links to photos and videos of the late comedian.

Symantec Security Response Manager Satnam Narang told VPN Creative it is common for hackers to use both real and fake celebrity deaths to initiative cyber attacks.

“Over the years, scammers have used both real and fake celebrity deaths as a way to convince users to click on links and perform actions. From Amy Winehouse and Paul Walker to the fake deaths of Miley Cyrus and Will Smith, scammers are opportunistic and always looking for ways to capitalize,” Narang said.

What do you think will be the biggest IT security stories for MSPs this week? Share your thoughts in the Comments section below, via Twitter @dkobialka or email me at [email protected].

About the Author

Dan Kobialka

Contributing writer, Penton Technology

Dan Kobialka is a contributing writer for MSPmentor and Talkin' Cloud. In the past, he has produced content for numerous print and online publications, including the Boston Business Journal, Boston Herald and Patch.com. Dan holds a M.A. in Print and Multimedia Journalism from Emerson College and a B.A. in English from Bridgewater State College (now Bridgewater State University). In his free time, Kobialka enjoys jogging, traveling, playing sports, touring breweries and watching football (Go Patriots!).  

Free Newsletters for the Channel
Register for Your Free Newsletter Now

You May Also Like