Supervalu Inc is in the early stages of investigating a potential data breach that could have affected more than 1,000 stores, the Wall Street Journal reported on Thursday, citing people with knowledge of the matter.
The data breach appears to have taken place in late June or early July, and may be due to malicious software installed by hackers on the US retailer's point-of-sale network, the people told the Journal. The company had 3,763 stores as of April, according to a regulatory filing.
The supermarket chain has not notified its customers about the data breach, the Journal reported the people as saying.
Supervalu could not be reached for a comment outside of business hours.
Companies in the US, particularly retailers, have been targeted by hackers for customer data on payment cards.
US retailer Target Corp is struggling to win back customers after it suffered a huge data breach last year that resulted in the theft of 40 million payment card numbers and 70 million other pieces of customer data such as email addresses and phone numbers.
Michaels Stores Inc, the biggest US arts and crafts retailer, said in May it also suffered a security breach that may have affected about 2.6 million payment cards.
Reuters reported in January that smaller breaches on at least three other well-known retailers in the country took place and were conducted using similar techniques as the one on Target.
Retailers are often reluctant to report breaches out of concern it could hurt their businesses. Target only acknowledged its 2013 attack after security blogger Brian Krebs reported the breach, prompting inquiries from journalists and investors.
Most states have laws that require companies to contact customers when certain personal information is compromised. In many cases the task of notification falls on the credit card issuer.
Merchants are required to report breaches of personal information including social security numbers.