BOISE, Idaho -- AB Acquisition LLC, which operates Albertsons stores under Albertson's LLC and ACME Markets, Jewel-Osco and Shaw's and Star Markets under New Albertson's Inc., said that its third-party IT services provider, SUPERVALU, notified it of a new, separate data breach seeking to obtain payment card information used in some of its stores.
The company said it has been informed that hackers used different malware in this recently discovered incident than intruders used in the incident it announced on Aug. 14, 2014. The investigations into both this incident and the earlier incident are ongoing.
AB Acquisition said it promptly notified federal law enforcement authorities of this separate criminal incident, which apparently occurred in late August or early September 2014, and the company is cooperating in the efforts to investigate the matter and identify those responsible, and third-party data forensics experts are supporting the investigation. The company has also notified the major payment card brands of this incident.
The new malware may have captured account numbers, expiration date, other numerical information or the cardholder's name. At this time, the company has not determination that any payment card data was in fact stolen as a result of either incident. The company has taken measures to prevent further use of this new and different malware in the affected store locations. It is also implementing additional measures to enhance the protection of customer payment card data.
Because the point-of-sale (POS) systems are different across AB Acquisition divisions, the incident did not affect Albertsons stores in Arizona, Arkansas, Colorado, Florida, Louisiana, New Mexico, Texas and two Super Saver Foods Stores in northern Utah; however, it did affect Albertsons stores in southern California, Idaho, Montana, North Dakota, Nevada, Oregon, Washington, Wyoming and Southern Utah. In addition, it affected ACME Markets in Pennsylvania, Maryland, Delaware and New Jersey; Jewel-Osco stores in Iowa, Illinois and Indiana; and Shaw's and Star Markets stores in Maine, Massachusetts, Vermont, New Hampshire and Rhode Island.
"We take our responsibility to protect our customers' payment card data seriously," said Bob Miller, CEO of AB Acquisition. "We sincerely regret that our customers' data was targeted. As a company, our decisions are always focused on what is best for our customers, and we know this issue has inconvenienced them and caused concern. We are taking appropriate measures to enhance the protection of our customers' payment card data. We are working closely with all parties on the investigation into this incident."
Established in 2006, Boise, Idaho-based AB Acquisition is privately owned by Cerberus Capital Management, Kimco Realty Corp., Klaff Realty, Lubert-Adler Partners and Schottenstein Stores Corp. It operates 1,081 grocery stores and 14 distribution centers in 29 states.
Members help make our journalism possible. Become a CSP member today and unlock exclusive benefits, including unlimited access to all of our content. Sign up here.