advertisement

Jewel-Osco admits to second data breach

Itasca-based Jewel-Osco said Monday it has discovered another breach of customers' private information but the company was unsure if payment card data was stolen.

AB Acquisition LLC, which operates Albertsons stores under Albertson's LLC and ACME Markets, Jewel-Osco, and Shaw's and Star Markets under New Albertson's Inc., was notified by its third party IT services provider SuperValu of a separate, more recent, “attempted criminal intrusion seeking to obtain payment card information” used in some of its stores.

“The company has been informed that different malware was used in this recently discovered incident than was used in the incident announced on Aug. 1,” the company said in a statement.

“We take our responsibility to protect our customers' payment card data seriously,” said Bob Miller, CEO of AB Acquisition LLC. “We sincerely regret that our customers' data was targeted. As a company, our decisions are always focused on what is best for our customers, and we know this issue has inconvenienced them and caused concern. We are taking appropriate measures to enhance the protection of our customers' payment card data. We are working closely with all parties on the investigation into this incident.”

The investigations into both this data breach and the earlier one are ongoing, the company said in a statement.

AB Acquisition said it has notified federal law enforcement authorities of this separate incident, which occurred in late August or early September. The company is cooperating in the investigation and another group of data forensics experts are supporting the investigation.

“We have also notified the major payment card brands of this incident,” the company statement said.

Chris Wilcox, a spokesman for Albertsons, declined further comment.

The statement said new malware may have captured account numbers, expiration date, other numerical information and/or the cardholder's name.

“At this time there has not been a determination that any payment card data was in fact stolen as a result of either incident,” the statement said. “Measures have been taken to prevent further use of this new and different malware in the affected store locations. We are also implementing additional measures to enhance the protection of customer payment card data.

Along with Jewel-Osco stores, those affected are Albertsons stores in Southern California, Idaho, Montana, North Dakota, Nevada, Oregon, Washington, Wyoming and Southern Utah; ACME Markets in Pennsylvania, Maryland, Delaware and New Jersey; and Shaw's and Star Markets stores in Maine, Massachusetts, Vermont, New Hampshire and Rhode Island.

The company said more time frames and store locations could turn up during the investigation.

The company directed customers to jewelosco.com for more information and offered 12 months of free consumer identity protection services through AllClear ID to customers who shopped from Aug. 27 through Sept. 21.

•Daily Herald Business Writer Anna Marie Kukec contributed to this report.

5 tips to protect yourself from identity theft

Jewel-Osco offers help to consumers after data breach

After Jewel, UPS, how do we stay safe from data hacks?

JPMorgan hack said to start months ago

Home Depot confirms breach in U.S., Canada stores

Article Comments
Guidelines: Keep it civil and on topic; no profanity, vulgarity, slurs or personal attacks. People who harass others or joke about tragedies will be blocked. If a comment violates these standards or our terms of service, click the "flag" link in the lower-right corner of the comment box. To find our more, read our FAQ.