albertsons store front

Albertson’s Bungles Data Breach PR

In 1905, George Santayana wrote that “Those who cannot remember the past are condemned to repeat it”.

In the world of retail data theft, memories are extraordinarily short. Just last December, Target bungled the communications surrounding a massive credit card data theft which resulted in a massive loss of customer trust. This loss of trust profoundly contributed to a stock price that is down 15 percent from a year ago and first quarter earnings plummeted 16 percent, financial results that were so poor that senior executives including the CEO were sent packing.

AB Acquisitions is one of the nation’s largest grocers and owns Albertson’s, ACME Markets, Jewel-Osco, Shaw’s and Star Markets and they either have a short memory or didn’t pay attention to recent history and how screwing up communications from stolen credit card information can have a devastating impact companies and brands.

On August 14th, Albertson’s announced a data breach which tried “to obtain credit and debit card payment information”. Typically, credit card data bases include names, account numbers, the expiration date and the three digit security code.

According to cybercrime guru Brian Krebs, credit card information from brick-and-mortar stores are highly prized and can command up to ten times the price of card information stolen on-line. Information collected from a physical swipe of a card’s magnetic strip can be easily turned into fake cards and used to fund high value purchases at other physical stores, removing the risk of having goods shipped. Walk in, buy a flat screen, walk out and disappear into the ether.

The value of information that is physically swiped was one reason Verizon’s 2014 annual report on data breaches said that criminals are focusing on “large scale attacks on payment card systems” and called 2013 the “Year of the Retailer Breach”.

Criminals are focusing on “large scale attacks on payment card systems.”


With so much information readily available on the risk to consumers from an attack like Albertson’s experienced, they should have been lighting the world on fire to warn their customers of fraud risk — it’s only by fast, honest communications that customer trust can be preserved. If stolen credit card data from the Albertson’s breach starts to show up in criminal circles, expect a loss of trust similar to Target’s and a hit on their business.

However, instead of open, clear, customer communication, Albertson’s has taken the road of obfuscation. In their press release, they didn’t point out the dangers of stolen credit card data, but rather said that it has “not yet been determined whether any cardholder data was in fact stolen” and that there was no evidence of “any misuse of such data”.

Instead of open, clear, customer communication, Albertson’s has taken the road of obfuscation.


They buried the information on the breach on their webpage below the weekly grocery specials, a contest to win a car and besides consumer product ads and only left the notice on their homepage for five days. Would the small headline “AB Acquisition LLC Confirms incident Involving Payment Card Data Processing” warn any customers that they could be at risk?

Bad communications during a data breach crisis can quickly destroy years, decades, of brand trust and customer loyalty. Public communications needs to be comprehensive and communicate clearly to the media and customers, whether it is through the press, social channels, call centers or stores. And communicating clearly means informing customers about their risk from stolen credit card data so they see the retailer as a fellow victim and partner in protecting themselves from further criminal activity. Conversely, lack of open and honest communications invariably leads to a feeling of betrayal and loss of trust.

Criminals spent a month inside of Albertson’s databases trying to steal information that they could turn into money. Once Albertson’s has finished their investigation, if it turns out that massive numbers of credit cards were stolen, then Albertson’s and their associated brands will pay a heavy price — they simply have to remember the immediate past of what happened to Target.

– By: David Fuscus – President & CEO | DFuscus@xenophonstrategies.com

1 comment

Leave a Reply

Your email address will not be published. Required fields are marked *

[wpforms id="11393" title="false" description="false"]
<div class="wpforms-container wpforms-container-full" id="wpforms-11393"><form id="wpforms-form-11393" class="wpforms-validate wpforms-form" data-formid="11393" method="post" enctype="multipart/form-data" action="/albertsons_data_breach_pr/"><noscript class="wpforms-error-noscript">Please enable JavaScript in your browser to complete this form.</noscript><div class="wpforms-field-container"><div id="wpforms-11393-field_0-container" class="wpforms-field wpforms-field-name name" data-field-id="0"><label class="wpforms-field-label" for="wpforms-11393-field_0">Name <span class="wpforms-required-label">*</span></label><div class="wpforms-field-row wpforms-field-medium"><div class="wpforms-field-row-block wpforms-first wpforms-one-half"><input type="text" id="wpforms-11393-field_0" class="wpforms-field-name-first wpforms-field-required" name="wpforms[fields][0][first]" required><label for="wpforms-11393-field_0" class="wpforms-field-sublabel after ">First</label></div><div class="wpforms-field-row-block wpforms-one-half"><input type="text" id="wpforms-11393-field_0-last" class="wpforms-field-name-last wpforms-field-required" name="wpforms[fields][0][last]" required><label for="wpforms-11393-field_0-last" class="wpforms-field-sublabel after ">Last</label></div></div></div><div id="wpforms-11393-field_1-container" class="wpforms-field wpforms-field-email" data-field-id="1"><label class="wpforms-field-label" for="wpforms-11393-field_1">Email <span class="wpforms-required-label">*</span></label><input type="email" id="wpforms-11393-field_1" class="wpforms-field-medium wpforms-field-required" name="wpforms[fields][1]" required></div><div id="wpforms-11393-field_7-container" class="wpforms-field wpforms-field-text" data-field-id="7"><label class="wpforms-field-label" for="wpforms-11393-field_7">Title &amp; Organization <span class="wpforms-required-label">*</span></label><input type="text" id="wpforms-11393-field_7" class="wpforms-field-medium wpforms-field-required" name="wpforms[fields][7]" required></div><div id="wpforms-11393-field_2-container" class="wpforms-field wpforms-field-textarea" data-field-id="2"><label class="wpforms-field-label" for="wpforms-11393-field_2">What&#039;s the situation? <span class="wpforms-required-label">*</span></label><textarea id="wpforms-11393-field_2" class="wpforms-field-medium wpforms-field-required" name="wpforms[fields][2]" required></textarea></div><div id="wpforms-11393-field_4-container" class="wpforms-field wpforms-field-checkbox wpforms-list-2-columns" data-field-id="4"><label class="wpforms-field-label" for="wpforms-11393-field_4">I need:</label><ul id="wpforms-11393-field_4"><li class="choice-5 depth-1"><input type="checkbox" id="wpforms-11393-field_4_5" name="wpforms[fields][4][]" value="Get Me In/Out of the News" ><label class="wpforms-field-label-inline" for="wpforms-11393-field_4_5">Get Me In/Out of the News</label></li><li class="choice-6 depth-1"><input type="checkbox" id="wpforms-11393-field_4_6" name="wpforms[fields][4][]" value="Public &amp; Media Relations" ><label class="wpforms-field-label-inline" for="wpforms-11393-field_4_6">Public &amp; Media Relations</label></li><li class="choice-1 depth-1"><input type="checkbox" id="wpforms-11393-field_4_1" name="wpforms[fields][4][]" value="Crisis &amp; Issues" ><label class="wpforms-field-label-inline" for="wpforms-11393-field_4_1">Crisis &amp; Issues</label></li><li class="choice-7 depth-1"><input type="checkbox" id="wpforms-11393-field_4_7" name="wpforms[fields][4][]" value="Influencing Congress &amp; Regulators" ><label class="wpforms-field-label-inline" for="wpforms-11393-field_4_7">Influencing Congress &amp; Regulators</label></li><li class="choice-2 depth-1"><input type="checkbox" id="wpforms-11393-field_4_2" name="wpforms[fields][4][]" value="Marketing" ><label class="wpforms-field-label-inline" for="wpforms-11393-field_4_2">Marketing</label></li><li class="choice-3 depth-1"><input type="checkbox" id="wpforms-11393-field_4_3" name="wpforms[fields][4][]" value="Social &amp; Digital Media" ><label class="wpforms-field-label-inline" for="wpforms-11393-field_4_3">Social &amp; Digital Media</label></li><li class="choice-4 depth-1"><input type="checkbox" id="wpforms-11393-field_4_4" name="wpforms[fields][4][]" value="Media Training" ><label class="wpforms-field-label-inline" for="wpforms-11393-field_4_4">Media Training</label></li><li class="choice-8 depth-1"><input type="checkbox" id="wpforms-11393-field_4_8" name="wpforms[fields][4][]" value="Websites, Videos &amp; Creative" ><label class="wpforms-field-label-inline" for="wpforms-11393-field_4_8">Websites, Videos &amp; Creative</label></li></ul></div><div id="wpforms-11393-field_5-container" class="wpforms-field wpforms-field-radio" data-field-id="5"><label class="wpforms-field-label" for="wpforms-11393-field_5">I would like for you to... <span class="wpforms-required-label">*</span></label><ul id="wpforms-11393-field_5" class="wpforms-field-required"><li class="choice-1 depth-1"><input type="radio" id="wpforms-11393-field_5_1" name="wpforms[fields][5]" value="Send Me Information" required ><label class="wpforms-field-label-inline" for="wpforms-11393-field_5_1">Send Me Information</label></li><li class="choice-2 depth-1"><input type="radio" id="wpforms-11393-field_5_2" name="wpforms[fields][5]" value="Call me" required ><label class="wpforms-field-label-inline" for="wpforms-11393-field_5_2">Call me</label></li></ul></div></div><div class="wpforms-field wpforms-field-hp"><label for="wpforms-11393-field-hp" class="wpforms-field-label">Comment</label><input type="text" name="wpforms[hp]" id="wpforms-11393-field-hp" class="wpforms-field-medium"></div><div class="wpforms-submit-container" ><input type="hidden" name="wpforms[id]" value="11393"><input type="hidden" name="wpforms[author]" value="1"><input type="hidden" name="wpforms[post_id]" value="10391"><button type="submit" name="wpforms[submit]" class="wpforms-submit om-trigger-conversion" id="wpforms-submit-11393" value="wpforms-submit" aria-live="assertive" data-alt-text="Sending..." data-submit-text="Submit">Submit</button></div></form></div> <!-- .wpforms-container -->