According to AB Acquisition LLC, which operates these chains and others, the company “recently learned of an unlawful intrusion to obtain credit and debit card payment information in some of its stores.”
The company says that it has brought in the authorities and that it working with its IT services provider and third-party data forensics experts to investigate the cause and breadth of the breach.
It looks like the hack began on June 22 and ended by July 17.
As of this morning, AB Acquisition said it could not find evidence that any cardholder data was in fact stolen, or that any cardholder information had been misused.
In a statement, the company said it “believes that the intrusion has been contained and is confident that its customers can safely use their credit and debit cards in its stores.”
The hack affected the following stores:
Albertsons: stores in Southern California, Idaho, Montana, North Dakota, Nevada, Oregon, Washington, Wyoming and Southern Utah.
ACME: stores in Pennsylvania, Maryland, Delaware and New Jersey.
Jewel-Osco: stores in Iowa, Illinois and Indiana.
Shaw’s and Star Markets: stores in Maine, Massachusetts, Vermont, New Hampshire and Rhode Island.
The company says it will be posting more information on albertsons.com, acmemarkets.com, jewelosco.com, and shaws.com within 24 hours.
Customers whose cards may have been affected are being offered 12 months of complimentary consumer identity protection services. Starting today at 4 p.m. ET, concerned customers from these stores can call AllClear ID at 1-855-865-4449 to learn about this offer.