The grocery chain Supervalu said Friday that it may have suffered a data breach at stores in as many as five states.
Hackers accessed a network that processes store transactions. Account numbers, expiration dates, cardholders' names and other information may have been stolen, the company said.
Grocery stores — as well as some stand-alone liquor shops — in Minnesota, Virginia, Illinois, Maryland and Missouri may have been affected between June 22 and July 17.
The cards from which data may have been stolen were used at 180 Supervalu stores and liquor stores run under the Cub Foods, Farm Fresh, Hornbacher's, Shop 'n Save and Shoppers Food & Pharmacy names. Data may also have been stolen from 29 franchised Cub Foods stores and liquor stores.
There was also a related criminal intrusion at some stores owned and run by Albertson's LLC and New Albertson's Inc., the company said. Supervalu provides information technology services to the Albertson's and New Albertson's stores.
Supervalu said that it currently believes the data breach did not impact its owned or licensed Save-A-Lot stores or any of the independent grocery stores supplied by the company through its independent business network other than the franchised Cub Foods stores previously mentioned.
Once it learned of the breach, the company said that it took immediate steps to secure that portion of its network.
An investigation into the incident is ongoing.
The company hasn't determined if any cardholder data was actually stolen and said Friday that there's no evidence of the data being misused. The release of information about the breach was released out of "an abundance of caution," the company said. It is believed that the intrusion has been contained, the company said, and it remains confident shoppers can safely use their credit and debit cards at its stores.
The intrusion at Supervalu is just the latest in a string of data breaches at major retailers.
Earlier this month, Target said that expenses tied to a breach leading up to last year's holiday shopping season could reach as high as $148 million. The incident led to a major shakeup and CEO Gregg Steinhafel resigned.
Restaurant operator P.F. Chang's confirmed in June that data from credit and debit cards used at its restaurants was stolen.
There have been smaller breaches at Neiman Marcus and Michaels Stores Inc., and even at Goodwill.
There are currently efforts underway to change the technology used in credit and debit cards to make consumer information more secure.
Supervalu Inc., based in Eden Prairie, is offering customers whose cards may have been affected a year of complimentary consumer identity protection services via AllClear ID. The company has created a call centre to help answer customer questions about the data breach and the identity protection services being offered. The call centre can be reached at (855) 731-6018. Customers may also visit Supervalu's website under the Consumer Security Advisory section to get more information about the data breach and the identity protection services.