Another data breach strikes retail sector
August 18, 2014

The retail sector has not been performing as well as many consumers and regulators would hope when it comes to IT security and access management in the past few years. Several of the largest, most devastating breaches ever to have impacted the public or private sectors have been directly linked to the service and retail industries, especially in the past year, when Target, Neiman Marcus and countless others have fallen in rapid succession.

In many ways, it has become clear that this industry and many others have simply not taken the proper approach to identity and access management, as evidenced by the hundreds of millions of combined victims that have surfaced in so short a time period. Experts continue to assert that the real issue lies in the relative lack of forward thinking among decision-makers in these firms, as so many still rely upon antiquated password and credential systems.

Rather than continuing to invest in forms of security control that have proven time and time again to be completely ineffective and dangerous, retailers and others that handle financial data must begin to embrace the next generation of information and system access management. For example, dynamic authentication tools that streamline access from the user's perspective and are much harder for hackers to crack are likely the best options available on the market today.

Super breach
Supervalu recently announced that it has been victimized by a breach, and that more than 100 stores within its brand might have been impacted by the security failure. For a little background, Supervalu is one of the most sizable grocery retailers in the United States, with more than 3,300 stores across the nation under several different brands. Additionally, the firm conducts a notably high number of transactions a year, with roughly $17 billion in annual sales.

According to officials from Supervalu, the breach is believed, at least so far, to have taken place between June 22 and July 17, and 180 are expected to have been victimized by the attack. As a note, the retailer has discovered the attack only at grocery and stand-alone liquor store locations, and security experts and professional investigators have already started to dig deeper into the event.

"The safety of our customers' personal information is a top priority for us," Supervalu President and Chief Executive Officer Sam Duncan affirmed in a public statement. "The intrusion was identified by our internal team, it was quickly contained, and we have had no evidence of any misuse of any customer data. I regret any inconvenience that this may cause our customers but want to assure them that it is safe to shop in our stores."

Right now, it does appear that Supervalu is narrowing down the potential sources of the event and how it spread, but more research will need to be done to land on a final explanation. 

What needs to be done?
Although it is not yet clear what caused the breach, the past few major incidents to affect the retail sector have been traced back to poor credential management either within the directly impacted firm or a third-party service provider. For example, the Target breach was linked back to the loss of credentials at a vendor of HVAC services, showing just how quickly a small vulnerability can erupt into a massive data loss event. 

Retailers, as well as organizations in virtually every other industry, must consider alternative approaches to data and network security, such as dynamic multi-factor authentication solutions.