LEWISTON — Shaw’s supermarkets has posted a warning on its website that the company has recently discovered a security breach at a number of its stores, including some in Maine.

The company does not yet know whether credit and debit card information was stolen, but said the breach appears to have occurred between June 22 at the earliest and ended July 17 at the latest.

According to a note posted by Jim Rice, president of Shaw’s and Star Markets, “unfortunately, like many other retailers over the past few years,” Shaw’s has recently learned of an unlawful intrusion to obtain credit card payment information in some of its stores.”

The supermarket reported the possible breach to federal authorities, and is working with its third-party IT provider to get more detail on the nature and scope of the possible breach, and to shore up security measures to prevent any future breach.

The information that may have been compromised includes names, account numbers, expiration dates and other information on credit and debit cards, but does not include Social Security numbers or birth dates because this information is not collected during the electronic payment process, according to Shaw’s.

According to Rice’s written statement, “It has not yet been determined whether any cardholder data was in fact stolen, and currently we have no evidence of any misuse of customer payment information.”


According to Rice, the possible breach has been contained and customers “can safely use their credit cards and debit cards in stores.”

AB Acquisition, which operates Albertson’s stores that include ACME Markets, Jewel-Osco, Shaw’s and Star Markets, confirmed the possible breach of customer card data at multiple stores across the country, including Shaw’s and Star Markets in Maine, Massachusetts, Vermont, New Hampshire and Rhode Island.

The 21 stores Maine stores are in Auburn, Augusta, Bangor, Bath, Biddeford, Brunswick, Dover-Foxcroft, Ellsworth, Falmouth, Freeport, Lewiston, North Windham, Portland, Rockland, Saco, Sanford, Scarborough, South Portland, Waterville, Westbrook and Wiscasset.

AB Acquisition is offering affected customers 12 months worth of complimentary consumer identity protection services starting at 2 p.m. Friday, Aug. 15. To access those services, visit Shaw’s website at shaws.com or call AllClear ID at 1-855-865-4449.

Shaw’s encourages customers to monitor their credit and debit cards and if they see any suspicious activity they should contact the issuing bank through the phone number listed on the back of the card. They should also call police and file a report of identity theft.

And, Shaw’s never requests Social Security numbers, credit card numbers or other personal information by phone, text or email, so if customers are contacted by someone who says they are a Shaw’s employee, the customer should not provide any personal information. Any such contact should be reported to police, Shaw’s suggests.

Other stores that may have been breached include Jewel-Osco stores in Iowa, Illinois and Indiana; ACME Markets in Pennsylvania, Maryland, Delaware and New Jersey; and Albertsons stores in Southern California, Idaho, Montana, North Dakota, Nevada, Oregon, Washington, Wyoming and Southern Utah.

On Friday, Bloomberg News reported that Minnesota-based Supervalu Inc. has also announced that customers’ financial information may have been stolen from one of its 3,300 stores during the same time frame as the possible breach at Shaw’s. 

Only subscribers are eligible to post comments. Please subscribe or login first for digital access. Here’s why.

Use the form below to reset your password. When you've submitted your account email, we will send an email with a reset code.

filed under: