SUPERVALU Notifies Customers of Criminal Computer Intrusion at Some of Its Owned and Franchised Stores

Editorial Note: A cautionary Tale…

SUPERVALU INC. has announced that it experienced a criminal intrusion into the portion of its computer network that processes payment card transactions for some of its retail food stores, including some of its associated stand-alone liquor stores. This criminal intrusion may have resulted in the theft of account numbers, and in some cases also the expiration date, other numerical information and/or the cardholder’s name, from payment cards used at some point of sale systems at some of the Company’s owned and franchised stores. The Company has not determined that any such cardholder data was in fact stolen by the intruder, and it has no evidence of any misuse of any such data, but is making this announcement out of an abundance of caution.

SUPERVALU believes that the payment cards from which such cardholder data may have been stolen were used during the period of June 22 (at the earliest) through July 17 (at the latest), 2014, at the 180 SUPERVALU stores and stand-alone liquor stores listed atwww.supervalu.com under the Consumer Security Advisory section, operated under the Cub Foods, Farm Fresh, Hornbacher’s, Shop ’n Save and Shoppers Food & Pharmacy banners. The intrusion may also have resulted in the theft of such cardholder data from some cards used during this period at 29 franchised Cub Foods stores and stand-alone liquor stores, which are included in the store list referenced on the SUPERVALU website. SUPERVALU currently believes that the intrusion did not affect any of its owned or licensed Save-A-Lot stores or any of the independent grocery stores supplied by the Company through its Independent Business network other than the franchised Cub Foods stores referenced above.

Upon recognition of the intrusion, the Company took immediate steps to secure the affected part of its network. An investigation supported by third-party data forensics experts is on-going to understand the nature and scope of the incident. SUPERVALU believes the intrusion has been contained and is confident that its customers can safely use their credit and debit cards in its stores.

“The safety of our customers’ personal information is a top priority for us,” said President and CEO Sam Duncan. “The intrusion was identified by our internal team, it was quickly contained, and we have had no evidence of any misuse of any customer data. I regret any inconvenience that this may cause our customers but want to assure them that it is safe to shop in our stores.”

The Company currently has no reason to believe that additional information beyond that described above may have been stolen by the intruder. However, given the continuing nature of the investigation, it is possible that time frames, locations and/or at-risk data in addition to those described above will be identified in the future.

The Company has notified federal law enforcement authorities and is cooperating in their efforts to investigate this intrusion and identify those responsible for the intrusion. This press release has not been delayed as a result of law enforcement investigation.SUPERVALU has also notified the major payment card brands and is cooperating in their investigation of the intrusion.

Although SUPERVALU has not determined that any cardholder data was in fact stolen by the intruder, and it has no evidence of any misuse of any such data, the Company is offering customers whose payment cards may have been affected 12 months of complimentary consumer identity protection services through AllClear ID. SUPERVALU has established a call center to answer customer questions about the intrusion and the identity protection services being offered. This call center will be staffed Monday through Saturday from 8 a.m. to 8 p.m. Central time and can be reached at (855) 731-6018. Customers can now call this number at their convenience, and a recorded message will be available with information regarding the intrusion. Customers can also visitwww.supervalu.com under the Consumer Security Advisory section for additional information about the intrusion and the complimentary consumer identity protection services being offered through AllClear ID.

Customers are not responsible for counterfeit fraudulent charges on their credit cards or debit cards that are timely reported. Accordingly, if customers become aware of such activity, they should contact their issuing bank immediately. Below is a “Consumer Identity Protection Reference Guide” that details the steps customers can take to protect their information against potential misuse, including the option to place a fraud alert or a security freeze on their credit file. SUPERVALU urges customers to be vigilant and closely review or monitor their bank and credit card statements, credit reports and other financial information for any evidence of identity theft or other unusual activity. The Company reminds its customers that under U.S. law, individuals are entitled to one free credit report annually from each of the three major credit bureaus. To obtain a free credit report, customers should visitwww.annualcreditreport.com or call, toll free, (877) 322-8228.

Some stores owned and operated by Albertson’s LLC and New Albertson’s, Inc. suffered a related criminal intrusion. For more information about the intrusion affecting Albertson’s LLC and New Albertson’s, Inc. stores, please visit albertsons.com, acmemarkets.com, jewelosco.com, or shaws.com. SUPERVALU provides information technology services to these Albertson’s LLC and New Albertson’s, Inc. stores pursuant to transition services agreements, and we have been working together to respond to the intrusion into their stores. SUPERVALU believes that any losses incurred by Albertson’s LLC or New Albertson’s, Inc. as a result of the intrusion affecting their stores would not be SUPERVALU’s responsibility.

SUPERVALU maintains insurance for cyber threats, which it believes should mitigate the financial effect of these intrusions onSUPERVALU, including claims that might be made against the Company based on these intrusions. Based on currently available information, SUPERVALU management does not believe that the ultimate outcome of these intrusions, including any related lawsuits, claims or other proceedings that might be initiated against the Company, will have a material adverse impact on the Company’s consolidated results of operations, cash flows or financial position.