Albertsons 2015 Annual Report Download - page 19

Download and view the complete annual report

Please find page 19 of the 2015 Albertsons annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 120

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120

17
adversely affected by claims from customers, financial institutions, payment card brands, stockholders and others and by costly
inquiries or enforcement actions on the part of regulatory authorities.
The Company has also expended significant time and resources on enhanced protective technology. The Company continues to
take actions to implement further security enhancements and the Company is committed to continuing to improve its
information security safeguards to protect its stores against intrusions. The time and resources devoted to enhancing the
Company’s information security can be disruptive to the day-to-day operations of the Company’s businesses, which could
adversely affect the Company’s results of operations.
Some stores owned and operated by Albertson’s LLC and NAI experienced related criminal intrusions. The Company provides
information technology services to these Albertson’s LLC and NAI stores pursuant to the TSA, and the Company has been
working together with Albertson’s LLC and NAI to respond to the intrusion into their stores. While the Company believes that
any losses incurred by Albertson’s LLC or NAI as a result of the intrusion affecting their stores would not be the Company’s
responsibility, the Company could face claims by Albertson’s LLC and NAI related to the intrusions, or other third parties
seeking to hold the Company responsible for the intrusions into the stores of Albertson’s LLC and NAI. The Company also
cannot be certain whether the intrusions could adversely affect the Company’s relationships with Albertson’s LLC and NAI.
The Company is currently subject to private litigation and claims relating to the intrusions, and in the future the Company may
be subject to additional litigation and claims and to governmental investigations or proceedings relating to one or both of the
intrusions. The Company’s financial liability arising from such litigation, claims, investigations or proceedings will depend on
many factors, including:
the results of the payment card brands’ ongoing forensic investigations of the intrusions;
whether, at the time of the intrusions, the portion of its network that handles payment card data was in compliance with
applicable payment card industry standards;
whether, and if so to what extent, any fraud losses or other expenses experienced by cardholders, card issuers and/or the
payment card brands on or with respect to the payment card accounts affected by the intrusions can be properly attributed
to these intrusions and whether, and if so to what extent, those expenses would be the Company’s legal responsibility;
the nature and extent of any losses to Albertson’s LLC or NAI from the intrusions and any claims asserted against the
Company for such losses; and
the adequacy of the Company’s insurance.
Disruptions to the Company’s information technology systems, including future cyber-attacks and security breaches,
and the costs of maintaining secure and effective information technology systems could negatively affect the Company’s
business and results of operations.
The efficient operation of the Company’s businesses is highly dependent on computer hardware and software systems,
including customized information technology systems. Information systems are vulnerable to security breaches by computer
hackers and cyber terrorists. The Company relies on industry accepted security measures and technology to securely maintain
confidential and proprietary information maintained on the Company’s information systems, and continues to invest in
maintaining and upgrading the systems and applications to ensure risk is controlled. In response to the information technology
intrusions the Company experienced in the second quarter of fiscal 2015, the Company has taken and is continuing to take
actions to strengthen the security of its information technology systems. Nevertheless, these measures and technology may not
adequately prevent security breaches in the future. There can be no assurance that the Company will not suffer another
intrusion, that unauthorized parties will not gain access to confidential or personal information, or that any such incident will be
discovered promptly. The techniques used by criminals to obtain unauthorized access to sensitive data change frequently and
often are not recognized until launched against a target, and the Company may be unable to anticipate these techniques or
implement adequate preventative measures. The failure to promptly detect, determine the extent of and appropriately respond to
a significant data security breach could have a material adverse impact on the Company’s business, financial condition and
results of operations. In addition, the unavailability of the information systems or failure of these systems to perform as
anticipated for any reason, including a major disaster or business interruption resulting in an inability to access data stored in
these systems or sustain the data center systems necessary to support functions to meet Company needs, and any inability to
respond to, or recover from, such an event, could disrupt the Company’s business and could result in decreased performance
and increased overhead costs, causing the Company’s business and results of operations to suffer.
Additionally, the Company’s businesses involve the receipt and storage of sensitive data, including personal information about
the Company’s customers and employees and proprietary business information of the Company and its customers and vendors.
The Company may also share information with vendors that assist the Company in conducting its business, as required by law,
with the permission of the individual or as permitted under the Company’s privacy policy. As a merchant that accepts debit and