posted Aug 15, 2014, 12:58 PM by WECB640   [ updated Oct 7, 2014, 9:06 AM ]

Shaw's reports possible security breach at Maine stores

Staff Report 
Staff Report
Business | 
Friday, August 15, 2014 at 1:43 pm

LEWISTON — Shaw’s supermarkets has posted a warning on its website that the company has recently discovered a security breach at a number of its stores, including some in Maine.

The company does not yet know whether credit and debit card information was stolen, but says the breach appears to have occurred between June 22 at the earliest and ended July 17 at the latest.

According to a note posted by Jim Rice, president of Shaw’s and Star Markets, “unfortunately, like many other retailers over the past few years,” Shaw’s has recently learned of an unlawful intrusion to obtain credit card payment information in some of its stores.”

The supermarket reported the possible breach to federal authorities, and is now working with its third-party IT provider to get more detail on the nature and scope of the possible breach, and also to shore up security measures to prevent any future breach.

The information that may have been compromised includes names, account numbers, expiration dates and other information on credit and debit cards, but does not include Social Security numbers or birth dates because this information is not collected during the electronic payment process, according to Shaw's.

According to Rice’s written statement, “it has not yet been determined whether any cardholder data was in fact stolen, and currently we have no evidence of any misuse of customer payment information.”

According to Rice, the possible breach has been contained and customers "can safely use their credit cards and debit cards in stores."

AB Acquisition, which operates Albertson’s stores that include ACME Markets, Jewel-Osco, Shaw’s and Star Markets, confirmed the possible breach of customer card data at multiple stores across the country, including Shaw’s and Star Markets in Maine, Massachusetts, Vermont, New Hampshire and Rhode Island.

AB Acquisition is offering affected customers 12-months worth of complimentary consumer identity protection services starting at 2 p.m. Friday, Aug. 15. To access those services, visit Shaw’s website at shaws.comor call AllClear ID at 1-855-865-4449.

Shaw's encourages customers to monitor their credit and debit cards and if they see any suspicious activity they should contact the issuing bank through the phone number listed on the back of the card. They should also call police and file a report of identity theft.

And, Shaw's does not ever request Social Security numbers, credit card numbers or other personal information by phone, text or email, so if customers are contacted by someone who says they are a Shaw's employee, the customer should not provide any personal information. Any such contact should be reported to police, Shaw's suggests.

Other stores that may have been breached include Jewel-Osco stores in Iowa, Illinois and Indiana; ACME Markets in Pennsylvania, Maryland, Delaware and New Jersey; and Albertsons stores in Southern California, Idaho, Montana, North Dakota, Nevada, Oregon, Washington, Wayoming and Southern Utah.

On Friday, Bloomberg News reported that Minnesota-based Supervalu Inc. has also announced that customers' financial information may have been stolen from one of its 3,300 stores during the same time frame as the possible breach at Shaw’s.