The parent company of popular U.S. grocery store chains Albertson's and Jewel-Osco was hit with its second data breach in as many months, news outlets around the nation reported.
AB Acquisition LLC also operates ACME Markets and Shaw's and Star Markets, according to ktla.com. Shoppers who used their credit or debit cards at any of the stores could be at risk, specifically those who shopped between Aug. 27 and Sept. 21.
The breach at Jewel-Osco stores affected those shopping in Illinois, Indiana and Iowa, reported Crain's Chicago Business. Customers were at risk who used their credit or debit cards at Albertson's stores in California, Idaho, Montana, Oregon, Nevada, North Dakota, Utah, Washington and Wyoming, according to a company statement. Those who shopped at Acme Markets in Pennsylvania, Maryland, Delaware and New Jersey could be affected, along with those at Shaw's and Star Markets in Maine, Massachusetts, Vermont, New Hampshire and Rhode Island.
The breach was the result of malware installed on the chains' card payment systems. As a result, the program may have captured shoppers' personal credit and debit card information, ktla.com reported.
According to a Data Security Update on the Jewel-Osco website, that information could include names, account numbers, expiration dates and other data.
“We take our responsibility to protect our customers’ payment card data seriously,” said Bob Miller, Chief Executive Officer at AB Acquisition LLC, in a prepared statement.
“We sincerely regret that our customers’ data was targeted. As a company, our decisions are always focused on what is best for our customers, and we know this issue has inconvenienced them and caused concern. We are taking appropriate measures to enhance the protection of our customers’ payment card data. We are working closely with all parties on the investigation into this incident,” Miller said.
This is the second time in two months these stores have been victims of hackers placing malware on their computer systems, according to Consumerist.com. The two types of malware were different from one other.
Those who shopped at the at-risk grocery stores between Aug. 27 and Sept. 21 are eligible for free identity theft protection services. To lean more, visit the stores' websites.