AB Acquisition LLC, an Idaho-based company that owns and operates several supermarket chains, reported that customers' credit and debit card data may have been compromised in a data breach that started June 22 at the earliest and ended by July 17.
Officials said that someone had gained illegal access to the computer systems at Supervalu Inc., the former owner of many of the chains involved. Eden Prairie, Minn.-based Supervalu, which continues to serve as AB Acquisition's third-party IT services provider, confirmed the breach.
AB Acquisition operates several supermarket chains including more than 800 Albertsons, Jewel-Osco, Shaw's and Star Markets stores in 21 states.
The company reported its computer systems had been secured since the breach discovery and that it was safe to use credit and debit cards in its stores. It was not clear whether data such as credit and debit card numbers, expiration dates and PIN codes actually had been stolen and illegally used.
AB Acquisition is controlled by Cerberus Capital Management, a private equity firm.
AB Acquisition reported that the data breach affected Albertsons stores in California, Idaho, Montana, North Dakota, Nevada, Oregon, Washington, Wyoming and southern Utah; ACME Markets in Pennsylvania, Maryland, Delaware and New Jersey; Jewel-Osco stores in Iowa, Illinois and Indiana; and Shaw's and Star Markets stores in Maine, Massachusetts, Vermont, New Hampshire and Rhode Island.
In the past year there have been several high profile data thefts. Most recently, P.F. Chang's China Bistro Inc., a chain of Asian-themed restaurants, revealed it was the target of a data breach following a report that stolen customer data had appeared online.
Hackers previously wreaked havoc with Target Corp. and Neiman Marcus Group Ltd., exposing the credit-card data of tens of millions of customers. In March, Sally Beauty Holdings Inc., a seller of hair and beauty products, said data from customers' payment cards had been illegally accessed and may have been stolen.