The Maine Office of the Attorney General disclosed a data breach targeting Albertsons Companies, Inc. between December 19, 2023, and January 12, 2024, stemming from credential theft via a fraudulent website. The incident compromised the personal information of 457 individuals, including four Maine residents, with Social Security numbers (SSNs) among the exposed data. The breach was initiated through phishing or credential-harvesting tactics, allowing unauthorized access to sensitive employee or customer records. While the exact scope of the attack (e.g., whether it involved internal systems or third-party vulnerabilities) remains undisclosed, the exposure of SSNs—a high-value target for identity theft and fraud—elevates the incident’s gravity. Such data can facilitate financial fraud, tax fraud, or long-term identity exploitation, posing lasting risks to affected individuals. Albertsons, a major U.S. grocery retailer, faces potential regulatory scrutiny (e.g., under state data breach laws) and reputational damage, as customers and employees may question the company’s cybersecurity safeguards. The breach underscores persistent threats from credential-based attacks, highlighting the need for robust multi-factor authentication (MFA) and employee cybersecurity training to mitigate similar future risks.

On April 20, 2023, the California Office of the Attorney General reported that Albertsons Companies, Inc. experienced a data breach where an unauthorized third party accessed its systems and potentially removed personal information between December 22 and December 24, 2022. The types of compromised information may include names, but specific details are unspecified, and the number of individuals affected is currently unknown.

The California Office of the Attorney General disclosed a data breach notification from AB Acquisition LLC on September 29, 2014, involving an attempted criminal incident targeting payment card data across multiple store locations. While the breach exposed potential vulnerabilities in the company’s payment systems, investigations could not confirm whether any actual payment card data was stolen. The incident raised concerns over the security of customer financial information, particularly in retail environments where transactional data is frequently processed. The breach highlighted risks associated with criminal cyber intrusions aimed at intercepting or exfiltrating sensitive payment details, though the lack of confirmed data theft suggested that preventive measures or early detection may have mitigated the full impact. However, the event still posed reputational risks, as public disclosure of such incidents can erode customer trust and prompt regulatory scrutiny. The company was required to notify affected parties and implement corrective actions to strengthen payment system defenses, including monitoring for fraudulent activity linked to the exposed cards. While no direct financial losses or large-scale fraud were reported, the breach underscored the persistent threat of cybercriminals targeting retail payment infrastructures, necessitating ongoing vigilance and investment in cybersecurity protocols to prevent future exploits.

The California Office of the Attorney General reported that AB Acquisition LLC, operating stores including Albertsons, experienced unauthorized access to payment card data from June 22, 2014, to July 17, 2014. The breach potentially affected an unspecified number of customers, and an investigation was ongoing to determine whether cardholder data was stolen.