Acme grocery chain discloses data breach

Acme, 11th and Passyunk, Philadelphia. (Emma Lee/WHYY)

Acme, 11th and Passyunk, Philadelphia. (Emma Lee/WHYY)

Adding to the list of companies with data breaches, Acme Markets Inc. announced Tuesday that it had identified an attempt by hackers to steal shoppers’ payment information. 

Although officials with the supermarket chain said there is no evidence yet that any data has been stolen, they are urging customers who used credit or debit cards at its tristate-area stores between Aug. 27 and Sept. 21 to monitor their accounts for fraudulent activity — and report any suspicious charges.

The potentially compromised information is limited to names, card numbers and expiration dates. Personal information, such as a birth date and Social Security number, that would allow criminals to open new credit cards in someone else’s name, was never recorded from the cards and is safe.

Anthony Giorgianni, an associate finance editor for Consumer Reports’ Money Adviser, said consumers should not panic.

  • WHYY thanks our sponsors — become a WHYY sponsor

“Generally, you’re not liable for whatever happened as a result of these breaches,” he said. “But it can be a pain to have to deal with some of the consequences.”

In addition to being vigilant in checking card statements, Giorgianni recommended that shoppers get their annual free credit reports from each of the three bureaus — and stagger them for an update every four months.

Paul Stephens of the Policy Rights Clearinghouse said that if hackers were able to access information, it would be most concerning to debit cardholders.

“It can take your financial institution up to two weeks to restore the funds to your account,” he said. “This can present a problem for many consumers who are living paycheck to paycheck.”

The breach is Acme’s second since June, although the company said each was caused by different malware.

Part of the reason why breaches are so common, said Stephens, is because the U.S. still uses a magnetic strip to encode information on cards. Most other developed nations use a more secure “chip” card.”The chip card is encrypted and generates a one-time use code, so that in the event of a breach, the information is essentially useless to a hacker,” he said.

American banks and retailers are in the process of updating their technology, and chip cards are expected to debut next October, but they will retain a magnetic strip to ease the transition.

Want a digest of WHYY’s programs, events & stories? Sign up for our weekly newsletter.

Together we can reach 100% of WHYY’s fiscal year goal