Cyber Incident Victim: Musgrave Group
Date:
Oct 2017
Location:
Ireland
Summary
A cyber attack targeted the operator of SuperValu, Centra, and Daybreak stores, involving malicious software designed to steal customer payment card details and expiration dates, though cardholder names, PINs, and CVV numbers were not compromised. The incident was reported to authorities, with no confirmed data theft identified; precautionary measures included advising customers to monitor account statements. The company deployed technical fixes, engaged cybersecurity experts, and emphasized ongoing monitoring alongside existing security protocols such as threat detection and firewalls.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On or around October 10, 2017, Musgrave Group, operator of SuperValu, Centra, and Daybreak retail stores in Ireland, disclosed a cybersecurity incident involving malicious software deployed against its systems. Cybercriminals attempted to steal customer payment card details through this malware, specifically targeting credit and debit card numbers along with expiration dates. The attack did not seek to compromise cardholder names, PINs, or CCV security codes. Musgrave reported the incident to An Garda Síochána (Irish police) and Ireland's Data Protection Commissioner, though no evidence of successful data exfiltration was confirmed at the time of disclosure. The company advised concerned customers to review their bank statements as a precautionary measure while emphasizing its ongoing monitoring of systems.
Musgrave activated its incident response protocol by engaging cyber breach response experts who implemented advanced technical countermeasures to neutralize the attack vector. The company highlighted its existing security infrastructure, including threat-monitoring systems, anti-virus software, firewalls, and penetration testing protocols. These measures were reinforced following the incident to maintain what Musgrave described as its "highest-level" security standards. As Ireland's leading supermarket operator with over 20% market share through SuperValu alone, the breach attempt impacted multiple retail brands under Musgrave's umbrella. The organization issued a public apology to customers while maintaining continuous oversight of its systems to detect any subsequent anomalous activity related to the incident.