fb-pixel Skip to main content

Shaw’s, Star Market customers could be affected by data breach

The parent company of Shaw’s and Star Market said credit and debit card data may have been compromised.Essdras M Suarez/Globe staff/file 2013/Globe Staff

The parent company of Shaw’s and Star Market grocery stores said customers’ credit and debit card data may have been compromised in a data breach earlier this summer.

AB Acquisition LLC, an Idaho-based company that owns Shaw’s, Star Market, and several other regional supermarket chains, said in a statement that someone had gained unauthorized access to the computer systems of Supervalu Inc., which formerly owned Shaw’s and other supermarket brands and still maintains their computer systems.

In a press release, AB Acquisition said that although its systems were breached, it was unclear whether credit and debit card data such as card numbers, expiration dates, and PIN codes had actually been stolen and misused. It said the data breach started June 22 at the earliest and ended no later than July 17.


The company said its computer systems had been secured since the discovery of the breach and that it was safe to use credit and debit cards in its stores.

Data thefts have been on the rise in the United States in recent years. In 2007, more than 90 million records were compromised when Framingham department store operator TJX Cos. was hacked. More recently, a hacking incident at retailing giant Target Corp. revealed in December cost the company $148 million and led to the resignation of its chief executive.

The P.F. Chang’s restaurant chain reported in June that 33 of its restaurants had their customer payment card data compromised for as long as eight months, and other retailers, including Neiman Marcus, have reported being hacked in the months since.

In Massachusetts, hacking incidents have risen from 384 in 2008 to 1,174 in 2013, according to the attorney general’s office. An additional 333 data breaches were reported in the first quarter of 2014.

Data breaches are reported to the attorney general’s office and the Office of Consumer Affairs and Business Regulation. A spokesperson for the attorney general’s office said it was aware of the breach, but had not yet received information regarding its scope by the banks whose cardholders were affected. The consumer affairs office also said it had not yet received a report.


AB Acquisition also said it had made contact with federal investigators. The Secret Service confirmed it was investigating the computer breach.

Shaw’s has 59 locations in Massachusetts, according to a tool on the company’s website. Star Market has 19 stores in Massachusetts, according to a similar tool on its website. A spokesman for both chains did not return a request for confirmation.

AB Acquisition is controlled by Cerberus Capital Management, a private equity firm that owns Steward Health Care System LLC. Steward operates St. Elizabeth’s Medical Center and Carney Hospital in Boston along with eight other acute care hospitals, a rehabilitation center, and a large physicians group in Eastern Massachusetts.

AB Acquisition operates 1,060 stores in 29 states.

Jack Newsham can be reached at jack.newsham@globe.com. Follow him on Twitter @TheNewsHam.