Data Security Update

Updated: August 15, 2014

A Note to Our Valued Customers:

At New Albertson’s, Inc., nothing is more important to us than your trust. Our people work hard to earn that trust through offering great value, service and quality products.

These days, we know you are also concerned about the security of your payment card data, and we work hard to protect it. Unfortunately, like many other retailers over the past few years, Jewel-Osco has recently learned of an unlawful intrusion to obtain credit and debit card payment information in some of its stores. The appropriate federal law enforcement authorities have been notified, and Jewel-Osco is working closely with its third party IT services provider, SUPERVALU, to better understand the nature and scope of the incident. Third-party data forensics experts are supporting an ongoing investigation. It has not yet been determined whether any cardholder data was in fact stolen, and currently we have no evidence of any misuse of customer payment information.

Importantly, Jewel-Osco believes that the intrusion has been contained and is confident that its customers can safely use their credit and debit cards in its stores.

Based on the latest information from the ongoing investigation, it appears that the period of unauthorized access may have started on June 22, 2014 (at the earliest) and ended on July 17, 2014 (at the latest).

We take our responsibility to our customers very seriously.  AB Acquisition LLC is offering customers whose payment cards may have been affected 12 months of complimentary consumer identity protection services through AllClear ID. Customers may visit https://abacquisition.allclearid.com for further information about the incident and about complimentary consumer identity protection services being offered, or call AllClear ID at 1-855-865-4449 beginning at 2:00pm MT (4:00pm ET) on August 19, 2014.  (Updated August 19th)

We understand the inconvenience and concern an incident like this can cause, and we deeply regret that our customers’ data was targeted. Thank you for your patience and understanding as we work through this issue. We value your business, as well as your trust, and we are committed to earning it.

Sincerely,

Shane Sampson, President, Jewel Osco

More details: Press Release

_________________________________________________________

Frequently Asked Questions:
Dated: August 15, 2014

Q: What happened?
We recently learned of an unlawful intrusion to obtain credit and debit card payment information in some of our stores, which could include name, account number, expiration date or other numerical information. Importantly, sensitive information (like Social security numbers, birthdates or driver’s license information), and other personal information were not affected, because that information is not collected as part of the payment process.

The appropriate federal law enforcement authorities have been notified, and we are working closely with our IT services provider, SUPERVALU, to better understand the nature and scope of the incident. Third-party data forensics experts are supporting an ongoing investigation. We have not determined that any cardholder data was in fact stolen, and currently have no evidence of any misuse of any such data. We believe that the intrusion has been contained and are confident that our customers can safely use their credit and debit cards in our stores.

Jewel stores in the following states were impacted: Iowa, Illinois and Indiana.

From information we have at this time, we do not believe that any customer data was taken. However, out of an abundance of caution, if you used your credit or debit card in our stores between June 22, 2014 and July 17, 2014 you should monitor your credit and debit card account and contact the bank that issued your payment card immediately if you see suspicious activity.

Q: When did this event happen and what did Jewel-Osco do about it?
Based on our current investigation, it appears that the unauthorized access may have started as early as June 22, 2014 in our stores, and action was taken to contain the incident July 17, 2014. The appropriate federal authorities have been notified. We are working closely with our IT services provider, SUPERVALU.Third-party forensics experts are supporting an ongoing investigation. From information we have at this time, we do not believe that any customer data was taken.

Q: Am I at risk for identity theft or fraudulent use of my credit card?
It is unlikely that you are at risk of identity theft due to this incident. Generally, identity theft requires criminals to have access not only to your name and credit card information, but also your Social Security Number. That information is not captured in our payment process and could not have been accessed in this incident.

Q: Who should I call if I see suspicious activity in my bank or credit account transactions?
If you see unusual or suspicious activity on a payment card that you used at our store, you should immediately call the phone number on the back of that card to report it to the issuing bank. They can walk you through the steps to dispute the charges and protect your financial accounts.

Q: I received a call, text or e-mail from someone who said they were from Jewel-Osco asking for my social security number, credit card number, and/or other personal information. What should I do?
We do not request this type of information by phone, text or email, so you should not respond. Identity thieves often try to take advantage of situations like this. Please take down their information and report this scam to the authorities.

Q: What are you doing so it doesn’t happen again?
We are committed to protecting the security of our customer’s personal data, and we are working closely with SUPERVALU to implement additional security measures to reduce the likelihood that no such incident ever happens again.

UPDATED AUGUST 19 Q: What protections are being offered by Albertsons?
We are taking steps to protect your credit and debit card information. We will be providing one year of complimentary identity protection to affected customers. This coverage includes automatic protection with AllClear Secure for the next 12 months – there is no action required on your part to receive or enroll in this service. If a problem arises, simply call 1-855-865-4449 after Tuesday, August 19th, Monday through Saturday from 8:00am-8:00pm CT and a dedicated investigator will assist you in restoring your identity to its accurate state. Additional identity protection services that includes identity theft monitoring and a $1 million identity theft insurance policy will also be available. At that time more information about these services will be available at https://abacquisition.allclearid.com.

UPDATED AUGUST 19 Q: If I have additional questions, who can I contact?
Beginning August 19, you may call our toll-free customer information hotline at 1-855-865-4449 Monday through Saturday from 8:00am-8:00pm CT and a dedicated security professional will assist you in protecting your credit information. You can also reach out to us through Facebook www.facebook.com/jewelosco or through our website, www.jewelosco.com.

UPDATED AUGUST 16 Q: Will I receive any additional information or updates?
We will update this online information page with updates on the ongoing investigation.

MORE INFORMATION:
We understand that you may want more information on other actions you might consider. Additional information generally about data breaches can be obtained from the Federal Trade Commission by contacting the agency toll-free at 1-877-ID-THEFT (438-4338) (TTY: 1-866-653-4261), or writing to Identity Theft Clearinghouse, Federal Trade Commission, 600 Pennsylvania Avenue, NW, Washington, DC 20580.
A free copy of your credit report can be obtained from each of the credit bureaus once a year by going to http://www.annualcreditreport.com online, or calling toll free 877-322-8228. Hearing impaired consumers can access TDD service at 877-730-4104. You should monitor these reports. You may also place a fraud alert or security freeze on your credit report by contacting the credit bureaus as listed below.

Equifax
P.O. Box 740241
Atlanta, GA 30374
888-766-0008
www.equifax.com

Experian
P.O. Box 9554
Allen, TX 75013
888-397-3742
www.experian.com

TransUnion
P.O. Box 6790
Fullerton, CA 92834
800-680-7289
www.transunion.com

A security freeze will prevent new credit from being opened in your name without the use of a personal identification number or password that will be issued by the credit bureaus after you initiate the freeze. A security freeze will also prevent potential creditors from accessing your credit report without your authorization. However, please be aware that placing a security freeze on your credit report may delay, interfere with, or prevent the timely approval of any requests you make for new loans, mortgages, employment, housing or other services. In order to place a security freeze, you may be required to provide the credit bureaus with information that identifies you, including your full name, social security number, date of birth, current and previous addresses, a copy of your state-issued identification card, and a recent utility bill, bank statement or insurance statement. Credit bureaus may charge a fee up to $10 to place, lift, or remove the security freeze; however, this fee may be less in certain states (in MA, up to $5) or waived if you are the victim of identity theft and you provide a valid police report. You must separately place a security freeze on your credit file with each credit reporting agency.

Filing a Police Report for Suspicious Activity:
If you do find suspicious activity on the credit or debit card indicated in our notice to you or in your credit report, call your local police or sheriff’s office and file a police report of identity theft. Get a copy of the police report. You may need to give copies of the police report to creditors to clear up your records. In addition, you should report identity theft to your Attorney General and the Federal Trade Commission.

For Maryland Residents: The Maryland Attorney General provides information regarding identity theft at http://www.oag.state.md.us/idtheft/index.htm. You may also contact the Identity Theft Unit at (410) 576-6491, by email at idtheft@oag.state.md.us, and by mail at 200 St. Paul Place, 16th Floor, Baltimore, MD 21202.