Jewel-Osco revealed Monday that hackers attempted to obtain payment card information at some of its stores in late August and early September.
The intrusion is separate from an earlier incident reported by the company in August, and used a different type of malware, according to information posted on the company's web site.
Company officials say the hackers may have captured "account numbers, expiration dates, other numerical information and/or cardholder names," but it's not known whether they were successful in capturing the customer data.
Illinois, Indiana, and Iowa Jewel-Osco customers who used a credit card from June 22 through July 17 or between Aug. 27 and Sept. 21 are encouraged to monitor their credit and debit card accounts and promptly contact the bank in case of suspicious activity.
Federal authorities have been contacted and third-party forensics experts are investigating the intrusion, according to Jewel-Osco officials.
Jewel customer Alan Rebok said Tuesday that he plans to cancel his account after erroneous activity appeared last week.
"I tried to use my ATM card and it said maxed out. The next day it worked and then I heard the stories this morning and I'm like, 'Oh wow,'" he said.
Officials have not yet confirmed if any customer information was in fact stolen as a result of the breach.
"I think every business needs to think about beefing up their cyber security," said customer Nate Lucero.
The company is offering free consumer identity protection services to anyone affected. Call 855-865-4449 for more information. Customers also can call the Illinois attorney general's office identity theft hotline at 866-999-5630.