This Sounds Familiar: Albertsons, Jewel-Osco, ACME, Shaw’s Hit By Second Credit Card Data Breach

When someone wrote me to say there was a data breach at the company behind several major supermarket chains — including Albertsons, Jewel-Osco, ACME, Star Markets, and Shaw’s — I thought, “That happened about six weeks ago, didn’t it?” Alas, the company has announced it is the victim of a new, separate attack.

AB Acquisition LLC is the name of the company, which probably doesn’t mean anything to you, but its various supermarket brands are well known around the country.

It announced late on Monday afternoon that its IT services provider SUPERVALU had notified it of a more recent “attempted criminal intrusion” from hackers trying to obtain credit/debit card information from these stores.

According to AB Acquisition, this is a different strain of malware than the one that compromised the stores’ payment systems from late June through mid-July of this year. So this is like getting over the norovirus only to find out you’ve got enterovirus.

No specific dates were given for this latest lapse in security, though AB puts the timeframe of “late August or early September” on it. Authority and credit card networks have been notified and an investigation is ongoing.

So what was stolen?

Again, no one knows for sure, but AB says hackers may have been able to steal card numbers, expiration dates, other numerical information and the cardholders’ names.

“At this time there has not been a determination that any payment card data was in fact stolen as a result of either incident,” reads a statement from AB Acquisitions. “Measures have been taken to prevent further use of this new and different malware in the affected store locations. We are also implementing additional measures to enhance the protection of customer payment card data.”

Fool us once, shame on someone. Fool us twice, we shop elsewhere.

Which stores were hit?

Albertsons: Stores in Southern California, Idaho, Montana, North Dakota, Nevada, Oregon, Washington, Wyoming and Southern Utah were impacted.

AB Acquisitions says that Albertsons in the following states were NOT hit: Arizona, Arkansas, Colorado, Florida, Louisiana, New Mexico, Texas; and two Super Saver Foods Stores in Northern Utah.

ACME: Stores in Pennsylvania, Maryland, Delaware and New Jersey were affected.

Jewel-Osco: Stores in Iowa, Illinois and Indiana were compromised.

Shaw’s and Star Markets: Stores in Maine, Massachusetts, Vermont, New Hampshire and Rhode Island were affected by this new incident.

“We take our responsibility to protect our customers’ payment card data seriously,” said AB Acquisition CEO Bob Miller, who is probably not planning any big purchases in his future. “We sincerely regret that our customers’ data was targeted.”

I’m sure your customers really thank you for your regret.

The company has posted an FAQ on each of its various stores’ websites.

Want more consumer news? Visit our parent organization, Consumer Reports, for the latest on scams, recalls, and other consumer issues.