EFTA01382277.pdf

Amendment No. 3 to Form S-1 Table of Contents cyber-attacks or intrusions from known malware or matware that may be developed in the future. To the extent that any disruption results in the loss, damage or misappropriation of information, we may be adversely affected by claims from customers, financial institutions, regulatory authorities, payment card associations and others. In addition, the cost of complying with stricter privacy and information security laws and standards, including PCI DSS version 3.0 and ANSI data encryption standards, could be significant. Termination of the SuperValu transition services agreement or the failure of SuperValu to perform its obligations thereunder could adversely affect our business, financial results and financial condition. Our ability to effectively monitor and control the operations of Albertsons and NAI depends to a large extent on the proper functioning of our IT and business support systems. In connection with our acquisition of NAI, Albertsons and NAI each entered into a comprehensive transition services agreement with SuperValu. Pursuant to the SVU TSAs, Albertsons and NAI each pay fees to SuperValu for certain services, including back office, administrative, IT, procurement, insurance and accounting services. The SVU TSAs limit the liability of SuperValu to instances in which SuperValu has committed gross negligence in regard to the provision of services or has breached its obligations under the SVU TSAs. The SVU TSAs terminated and replaced a transition services agreement providing for substantially similar services, which we had previously entered into with SuperValu in connection with our June 2006 acquisition of the Legacy Albertsons Stores. We plan to complete the transition of our Albertsons and NAI stores, distribution centers and systems onto Safeway's IT systems by mid-2018, but may suffer disruptions as part of that process. In addition, we are dependent upon SuperValu to continue to provide these services to Albertsons and NAI until we transition Albertsons and NAI onto Safeway's IT system and otherwise replace SuperValu as a service provider to Albertsons and NAI. In addition, we may depend on SuperValu to manage IT services and systems for additional stores we acquire, including the A&P stores we are acquiring, until we are able to transition such stores onto Safeway's IT system. The failure by SuperValu to perform its obligations under the SVU TSAs prior to Albertsons' and NAI's transition onto Safeway's IT systems and to other service providers (external or internal) could adversely affect our business, financial results, prospects and results of operations. Furthermore, SuperValu manages and operates NAI's distribution center located in the Lancaster. Pennsylvania area. Under the Lancaster Agreement (as defined herein), SuperValu supplies NAI's Acme and Shaw's stores from the distribution center under a shared costs arrangement. The failure by SuperValu to perform its obligations under the Lancaster Agreement could adversely affect our business, financial results and financial condition. Our third-party IT services provider discovered unauthorized computer intrusions in 2014. These intrusions could adversely affect our brands and could discourage customers from shopping in our Albertsons and NAI stores. Our third-party IT services provider for Albertsons and NAI, SuperValu, informed us in the summer of 2014 that it discovered unlawful intrusions to approximately 800 Shaw's, Star Market, Acme, Jewel-Osco and Albertsons banner stores in an attempt to obtain payment card data. We have contacted the appropriate law enforcement authorities regarding these incidents and have coordinated with our merchant bank and payment processors to address the situation. We maintain insurance to address potential liabilities for cyber risks and, in the case of Albertsons and NAI, are self-insured for cyber risks for periods prior to August 11, 2014. We have also notified our various insurance carriers of these incidents and are providing further updates to the carriers as the investigation continues. We believe the intrusions may have been an attempt to collect payment card data. The unlawful intrusions have given rise to putative class action litigation complaints against SuperValu and our company on behalf of customers. Certain state regulators have also made inquiries related to this 33 hill). %kW V.. sce.go% A R: hi% es 'Agar data' 1646972 000119312515335826A900395dsla.htm110 14'2015 9:03:02 AM1 CONFIDENTIAL - PURSUANT TO FED. R. GRIM. P. 6(e) DB-SDNY-0081572 CONFIDENTIAL SDNY_GM_00227756 EFTA01382277