Supervalu, the third-largest food retailer in the US, has begun an investigation after a network intrusion was discovered that may have resulted in criminals compromising customer data from its point-of-sale systems.

The unauthorized access began at some point after June 22 and lasted until July 17 at the latest. It is feared that the intrusion resulted in the theft of data from 180 Supervalu grocery stores.

The data breach may also have affected customers of an unspecified number of Albertsons, ACME Markets, Jewel-Osco, Shaw’s and Star Markets stores in 21 states.

“The safety of our customers’ personal information is a top priority for us,” Supervalu president and CEO Sam Duncan said in a statement earlier today. “The intrusion was identified by our internal team, it was quickly contained, and we have had no evidence of any misuse of any customer data. I regret any inconvenience that this may cause our customers but want to assure them that it is safe to shop in our stores.”

Potential Payment Card Theft

The type of data which has potentially been accessed consists of payment card numbers, cardholders’ names, card expiration dates and ‘other numerical information’, which Supervalu is yet to define.

A list of the affected stores, all of which are in Illinois, Maryland, Minnesota, Missouri, North Carolina, North Dakota and Virginia, is available.

“We are sending out email and paper mail notices to all customers who are active participants in our stores’ customer loyalty program, My CUB Rewards, as we have contact information for these customers,” the company says in a data breach FAQ. It also says that thanks to security remediation efforts, it believes it’s safe for customers to use credit and debit cards in its stores once again.