Albertsons part of debit and credit card data breach

AB Acquisition LLC, which operates Albertsons stores under Albertson’s LLC and ACME Markets, Jewel-Osco, and Shaw’s and Star Markets under New Albertson’s, Inc., recently learned of an unlawful intrusion to obtain credit and debit card payment information in some of its stores. The appropriate federal law enforcement authorities have been notified, and AB Acquisition is working closely with its third party IT services provider, SUPERVALU, to better understand the nature and scope of the incident. Third-party data forensics experts are supporting an ongoing investigation. AB Acquisition has not determined that any cardholder data was in fact stolen, and currently it has no evidence of any misuse of any such data.

AB Acquisition believes that the intrusion has been contained and is confident that its customers can safely use their credit and debit cards in its stores.

Based on the latest information from the ongoing investigation, it appears that the period of unauthorized access may have started on June 22, 2014 (at the earliest) and ended on July 17, 2014 (at the latest).

Based on information we have at this time, Albertsons stores in Arizona, Arkansas, Colorado, Florida, Louisiana, New Mexico, Texas and our two Super Saver Foods Stores in Northern Utah were not impacted by this incident. However, Albertsons stores in Southern California, Idaho, Montana, North Dakota, Nevada, Oregon, Washington, Wyoming and Southern Utah were impacted. In addition, ACME Markets in Pennsylvania, Maryland, Delaware and New Jersey; Jewel-Osco stores in Iowa, Illinois and Indiana; and Shaw’s and Star Markets stores in Maine, Massachusetts, Vermont, New Hampshire and Rhode Island were all impacted by this incident.

Given the continuing nature of the investigation, it is possible that time frames, locations and/or at risk data in addition to that described above will be identified in the future.

More information will be available on the websites at albertsons.com, acmemarkets.com, jewelosco.com, and shaws.com within 24 hours. Although it has not yet been determined whether any cardholder data was in fact stolen, and there is no evidence to date of any misuse of such data, AB Acquisition LLC is offering customers whose payment cards may have been affected 12 months of complimentary consumer identity protection services through AllClear ID. Customers may visit the websites listed above for further information about the incident and about complimentary consumer identity protection services being offered, or call AllClear ID at 1-855-865-4449 beginning at 2:00pm MT (4:00pm ET) on August 20, 2014.