Albertsons recently was notified by its third party Internet Technology services provider of an attempted criminal intrusion seeking to obtain payment card information used in some of its stores in Washington and other states.
The Company has been informed that different malware was used in this recently discovered incident than was used in the incident previously announced in August. The investigations into both this incident and the earlier incident are ongoing.
A customer FAQ is available on the websites at albertsons.com. Although it has not yet been determined whether any cardholder data was in fact stolen, Albertsons is extending 12 months of complimentary consumer identity protection services through AllClear ID to customers whose payment cards may have been affected by this second attempt. At this early stage of the investigation, the Company is providing customers who shopped with them from Aug. 27, 2014 through Sept. 21, 2014 these identity protection services. Customers may visit the websites listed above for further information about the incident and about complimentary consumer identity protection services being offered, or call AllClear ID at 1-855-865-4449.
Albertsons promptly notified federal law enforcement authorities of this separate criminal incident, which apparently occurred in late August or early September 2014 and is cooperating in the efforts to investigate the matter and identify those responsible. Third party data forensics experts are supporting the investigation. The company has also notified the major payment card brands of this incident.
The new malware may have captured account numbers, expiration date, other numerical information and/or the cardholder’s name. At this time there has not been a determination that any payment card data was in fact stolen as a result of either incident. Measures have been taken to prevent further use of this new and different malware in the affected store locations. The company is also implementing additional measures to enhance the protection of customer payment card data.
“We take our responsibility to protect our customers’ payment card data seriously,” said Bob Miller, Chief Executive Officer at AB Acquisition LLC. “We sincerely regret that our customers’ data was targeted. As a company, our decisions are always focused on what is best for our customers, and we know this issue has inconvenienced them and caused concern. We are taking appropriate measures to enhance the protection of our customers’ payment card data. We are working closely with all parties on the investigation into this incident.”
Given the continuing nature of the investigations, it is possible that further details on time frames, and locations, in addition to that described above, will be identified in the future.
A free copy of your credit report can also be obtained from each of the credit bureaus once a year by going to http://www.annualcreditreport.com or calling 877-322-8228. Hearing impaired consumers can access TDD services at 877-730-4104.