Albertsons says someone tried to steal credit- and debit-card data about shoppers between June 22 and July 17.
The Boise-based supermarket chain said last week it had found no evidence that the theft attempt was successful or that customer data had been misused. But it had notified law-enforcement authorities.
The company is working with its technology provider, Supervalu, and outside data-forensics experts to figure out what happened. Supervalu is the Minnesota company that owned Albertsons stores from 2006 until last year, and with which Albertsons still shares some administrative tasks.
“These days, we know you are also concerned about the security of your payment card data, and we work hard to protect it,” said Bob Butler, Albertsons’ chief operating officer, in a statement. “Importantly, Albertsons believes that the intrusion has been contained and is confident that its customers can safely use their credit and debit cards in its stores.”
Q: Was my neighborhood Albertsons store involved?
A: The intruder attempted to take information for customers at all Albertsons stores in Washington, Idaho, California, Montana, Nevada, North Dakota, Oregon, southern Utah and Wyoming. Stores in Arizona, Arkansas, Colorado, Florida, Louisiana, New Mexico, Texas and northern Utah were not affected.
Non-Albertsons banners that are part of the large company also were affected, including ACME Markets, Jewel-Osco, Shaw’s and Star Markets stores. Those stores are in the Midwest and East.
Also on Friday, Supervalu reported the same kind of data breach of its computer network, affecting Supervalu-run stores that are not in Idaho. Supervalu said it was announcing the attempted theft “out of an abundance of caution.”
Q: What information was at risk?
A: Albertsons said the data could include name, account number, expiration date or other numerical information.
The information does not include Social Security number, birth date or driver’s license information.
Q: Didn’t this just happen to another company?
A: Yes. Several retailers have reported thefts of customer information, such as Target Corp. last year and Sally Beauty Supply in March.
“There’s just a number of major retailers that have been hit, and it’s just getting more and more common,” said Dylan Evans, vice president of operations for Reveal Digital Forensics and Security in Boise.
Evans said U.S. credit and debit cards use a magnetic strip, which is less secure at the register than the kinds of chip-based cards used in Europe.
“Eventually, credit cards here will switch over,” he said.
Q: How can I protect my information?
A: If you’re one of the customers whose data may have been stolen, Albertsons recommends keeping a close eye on card transactions and reporting suspicious activity immediately to the bank that issued the card.
The company also is offering a year of free consumer-identity protection services through a company called AllClear ID. Call (855) 865-4449 or visit https://abacquisition.allclearid.com for sign-up details.
You can contact credit bureaus to have a freeze placed on your credit profile so that fraudsters cannot open new accounts.
You also can obtain a free copy of a credit report once a year from each of the three credit bureaus – Experian, Equifax and TransUnion – by visiting annualcreditreport.com or calling (877) 322-8228.