Shaw's, Star Market Announce Possible Data Breach

The company that operates Shaw's and Star Market said Friday that it may have suffered a data breach at some of its New England stores

The company that operates Shaw's and Star Market said it may have suffered a data breach at some of its New England stores.

AB Acquisition LLC, which operate Shaw's, Star Market, Albertson's, ACME Markets and Jewel-Osco, said in a press release that it recently learned of an "unlawful intrusion to obtain credit and debit card payment information in some of its stores." The company said federal law enforcement officials have been notified, and the company is working with Supervalu, its IT services provider, to determine the nature and scope of the incident.

Shaw's and Star Market stores in Maine, Massachusetts, Vermont, New Hampshire and Rhode Island were all impacted by this incident.

"AB Acquisition has not determined that any cardholder data was in fact stolen, and currently it has no evidence of any misuse of such data," the company's statement said.

The company said it appears that the period of unauthorized access began on June 22 and ended on July 17.

"We know our customers are concerned about the security of their payment card data, and we work hard to protect it," said Mark Bates, senior vice president and chief information officer at AB Acquisition LLC. "As soon as we were notified of the incident, we began working closely with Supervalu to determine what happened."

The company said more information will be available online at albertsons.com, acmemarkets.com, jewelosco.com, and shaws.com within 24 hours. AB Acquisition LLC is offering customers whose payment cards may have been affected 12 months of complimentary consumer identity protection services through AllClear ID. Customers may visit the websites above for further information about the incident and about complimentary consumer identity protection services being offered or call AllClear ID at 1-855-865-4449 beginning at 4 p.m. on Friday.

There was also a related criminal intrusion at some stores owned by Supervalu in Minnesota, Virginia, Illinois, Maryland and Missouri. Hackers accessed a network that processes store transactions. Account numbers, expiration dates, cardholders' names and other information may have been stolen, the company said.

The company hasn't determined if any cardholder data was actually stolen and said Friday that there's no evidence of the data being misused.

The intrusion at Shaw's and Star Market is just the latest in a string of data breaches at major retailers.

Earlier this month, Target said that expenses tied to a breach leading up to last year's holiday shopping season could reach as high as $148 million. The incident led to a major shakeup and CEO Gregg Steinhafel resigned.

Restaurant operator P.F. Chang's confirmed in June that data from credit and debit cards used at its restaurants was stolen.

There have been smaller breaches at Neiman Marcus and Michaels Stores Inc., and even at Goodwill.

There are currently efforts underway to change the technology used in credit and debit cards to make consumer information more secure.

The Associated Press contributed to this report.

Contact Us