Sun-Times Media Wire
Friday, August 15, 2014
The parent company of Jewel-Osco announced Friday that some of its customers’ credit card data may be compromised after computer hacking – the company called it an “unlawful intrusion” – involving some of its stores, including those in Illinois and Indiana.
Customers who used a credit or debit card at Jewel-Osco between June 22 and July 17 may have their data compromised, according to a statement posted on the company’s website. However, the company, AB Acquisition, said they have since contained the intrusion and have yet to determine if any cardholder data was in fact stolen.
Jewel’s parent company is offering customers whose payment cards may have been affected 12 months of complimentary consumer identity protection services through allCLEAR ID. The number to call is 855-865-4449.
“We know our customers are concerned about the security of their payment card data, and we work hard to protect it,” Mark Bates, senior vice president and chief information officer at AB Acquisition LLC, said in a statement posted on the site. “It’s important to note that there is no evidence at this point that consumer data has been misused.”
“Consumers really need to be watchful, especially their bills, because everything’s computerized now. And I always tell consumers, check your bills, at least once a week to see what’s on there,” said Steve Bernas, Better Business Bureau.
The company has hired a third-party forensics team to investigate and the intrusion. AB Acquisition said it would release more have further information within the next day.
At the Jewel marketplace in River North, managers said they had seen little drop-off in customer traffic, but regulars were wary.
“I mean it makes me not want to shop here. If I had known that before I probably would have gone somewhere else,” said Lindsey Granville.
Cyber security expert Don Zoufal says last year the U.S. experienced 15 million identify thefts that cost $50 billion. When Target was hacked just before Christmas last year, he says a wake-up call went out to consumers. But the cascade of stolen information has carried on with restaurants, yacht clubs and even the U.S. government falling victim.
“One of the ways forward I think is to look at smart cards, which are cards that are encrypted with data about the individual so that ultimately the systems can identify the individuals,” said Zoufal.
There has also been a data breach at a number of Supervalu grocery stores, as well as at some of its stand-alone liquor shops.
The company said Friday that hackers accessed a network that processes store transactions. Account numbers, expiration dates, cardholders’ names and other information may have been stolen.
Stores in Minnesota, Virginia, Illinois, Maryland and Missouri may have been affected.
The cards from which data may have been stolen were used at 180 Supervalu stores, 29 Cub Foods stores and some liquor stores between June 22 and July 17.
Supervalu Inc. says that it hasn’t determined if any such cardholder data was actually stolen and that there’s no evidence of the data being misused, but that it was announcing the data breach out of “an abundance of caution.”
WLS-TV, the Sun-Times Media Wire and the Associated Press contributed to this report.