John Berg of Fox River Grove uses a bank-issued Visa credit card when he shops, including as a regular customer at Jewel-Osco.
On Wednesday, he received a call from the bank asking if he was in New Jersey that day. He wasn't.
But someone with his card number was, and that person added charges of $80 and another $45 on Berg's Visa. So the bank canceled the charges and the card, then issued a new credit card to Berg.
"There is so much hacking out there, it's become a joke," Berg said. "People are paying for the convenience."
It's unclear if Berg was a direct victim of the Jewel-Osco data breach announced Friday. But he joins thousands of other consumers in the past year forced to change credit or debit cards and monitor their credit reports and scrutinize monthly statements after Jewel-Osco, Target and other major retailers said their systems were hacked.
On Friday, Itasca-based Jewel-Osco said it had a breach of consumer data between June 22 and July 17 and parent company AB Acquisition LLC is offering customers ways to track their data.
Although there is no evidence yet that any cardholder data was actually stolen or misused, AB Acquisition said it is offering customers whose payment cards might have been affected one year of complimentary consumer identity protection services through AllClear ID.
Customers can visit Jewelosco.com for more information or call AllClear ID at (855) 865-4449.
A free copy of your credit report also can be obtained from each of the credit bureaus once a year by going to www.annualcreditreport.com or calling (877) 322-8228. Hearing-impaired consumers can access TDD services at (877) 730-4104.
AB Acquisition said it believes the intrusion has been contained and is confident that its customers can safely use their credit and debit cards in its stores, the statement said.
Besides Jewel-Osco, AB Acquisition operates Albertsons stores under Albertson's LLC and ACME Markets, Shaw's and others. The company said it is working with authorities.
"We know our customers are concerned about the security of their payment card data, and we work hard to protect it," Mark Bates, senior vice president and chief information officer at AB Acquisition, said in a statement. "As soon as we were notified of the incident, we began working closely with SuperValu to determine what happened. It's important to note that there is no evidence at this point that consumer data has been misused."
Jewel-Osco spokeswoman Jennifer Mifflin declined to comment.
SuperValu owned Jewel-Osco until it sold the grocery chain in March to an investment group led by Cerberus Capital, which referred all calls to AB Acquisition.
However, SuperValu provides information technology services to Jewel-Osco as per a transitional service agreement, and it has been working with AB Acquisition to respond to the breach, said SuperValu spokesman Luke M. Friedrich.
Besides Jewel-Osco here, others were affected in Iowa and Indiana, as well as the ACME Markets in Pennsylvania, Maryland, Delaware and New Jersey; and Shaw's and Star Markets stores in Maine, Massachusetts, Vermont, New Hampshire and Rhode Island, Bates said.
In addition, Albertsons stores in Southern California, Idaho, Montana, North Dakota, Nevada, Oregon, Washington, Wyoming and Southern Utah were affected.
"We understand the inconvenience and concern an incident like this can cause, and we deeply regret that our customers' data was targeted," Bates said.