BATAVIA, Ill. (AP) — Grocery chain Aldi Inc. says the names, account numbers and secret codes of customers in 11 states were exposed to potential theft when they used payment cards at machines that had been tampered with.
The company said in a statement Friday that altered payment terminals were illegally placed in some stores between June 1 and August 31.
Aldi spokeswoman Michelle Williams declined to say how many stores or machines or customers were affected or describe any resulting thefts.
But the Chicago Tribune has reported that more than 200 people who had shopped at an Aldi store in Wheeling, Ill., told law enforcement officials there were unauthorized withdrawals of $100 to $900 from their accounts related to the data exposure.
Police in the town of St. Charles, Ill., told The Associated Press they've received 32 reports of debit card fraud from people who had shopped at Aldi.
Aldi operates more than 1,100 U.S. stores in 31 states from Kansas to the eastern seaboard.
In its statement, the second that Aldi has released about the breach, the company says it believes it has removed all the affected machines from stores, and it has adopted new security measures that Williams declined to detail.
The company said it does not believe that any employees were involved with the fraud.
The breach affected stores in parts of Connecticut, Georgia, Illinois, Indiana, Maryland, New Jersey, New York, North Carolina, Pennsylvania, South Carolina and Virginia.
The company is encouraging customers to carefully review and monitor their debit and payment card statements and their credit reports for unusual activity.
Customers who believe their payment cards were affected should immediately contact their bank or payment card company and local law enforcement authorities, Aldi said.
Customers with questions can call (877) 412-7152 toll-free, Monday through Friday, between 9 a.m. CDT and 4:30 p.m. central or visit www.aldi.us.