A Boise, Idaho-based supermarket management company which operates Albertsons, Acme, Jewel-Osco and other supermarkets has reported a data breach that affects stores in 21 states.

AB Acquisition L.L.C. said in a statement Monday that it has recently learned of criminal intrusion seeking to obtain payment card information from its third-party information technology services provider, Eden Prairie, Minnesota-based SuperValu Inc.

It said the incident apparently occurred in late August or early September and it is cooperating with federal law enforcement authorities to identify those responsible.

It said the malware used in the incident is separate from that used in an earlier incident, which was reported Aug. 14.

The company said the new malware may have captured account numbers, expiration dates, other numerical information and/or the cardholder’s name. It said at this point there has not been a determination that any payment card data was in fact stolen as result of either incident.

The company said also measures have been taken to prevent further use of the new malware in affected store locations, and that it is implementing additional measures to enhance payment card data protection.

“We take our responsibility to protect our customers’ payment card data seriously,” said Bob Miller, CEO at AB Acquisition, in the statement. “We sincerely regret that our customers’ data was targeted. As a company, our decisions are always focused on what is best for our customers, and we know this issue has inconvenienced them and caused concern. We are taking appropriate measures to enhance the protection of our customers’ payment card data. We are working closely with all parties on the investigation into this incident.”

Affected were Albertsons stores in Southern California, Idaho, Montana, North Dakota, Nevada, Oregon, Washington, Wyoming and Southern Utah; ACME Markets in Pennsylvania, Maryland, Delaware and New Jersey; Jewel-Osco stores in Iowa, Illinois and Indiana; and Shaw’s and Star Markets stores in Maine, Massachusetts, Vermont, New Hampshire and Rhode Island.

The company said given the continuing nature of the investigations, it is possible that further details on time frames, and locations, in addition to those described above, will be identified in the future.

Earlier this week, SuperValu reported it had found malicious software at four of its Cub Foods franchise stores in Minnesota.