Jewel-Osco has suffered a massive data breach that may have exposed millions of customers' information.

"As of this time, we have not determined that any card data was stolen, and there is no evidence of any misuse of our customers' data," said a spokeswoman for AB Acquisitions, the parent company of Jewel-Osco. "The investigation is ongoing."

The hack may have begun as early as June 22 and ended as late as July 17.

Based on the information revealed, Acme stores in Pennsylvania, Maryland, Delaware and New Jersey; Jewel-Osco stores in Iowa, Illinois and Indiana; and Shaw's and Star Markets stores in Maine, Massachusetts, Vermont, New Hampshire and Rhode Island were all affected.

"We know our customers are concerned about the security of their payment card data, and we work hard to protect it," said Mark Bates, senior vice president and chief information officer at AB Acquisitions. "As soon as we were notified of the incident, we began working closely with Supervalu to determine what happened. It's important to note that there is no evidence at this point that consumer data has been misused."

Supervalu Inc. is Jewel-Osco's former owner and handles the payment technology in question at the chain. The company says it is working with Jewel-Osco on the problem. Supervalu's stores also were affected, although there also is no evidence the exposed data has been used.

In response to the breach, AB Acquisitions is offering customers a year of free identity theft protection.

The fact the data breach has just been discovered raises a number of security concerns.

"If someone's data was stolen, they should know about that as quickly as possible," said Michael Sutton, vice president of security research at Zscaler.

Despite these concerns, AB Acquisitions says it believes that the data breach has been contained and that users can safely use their cards in stores again. The company says that it will be posting more information regarding the breach within the next 24 hours.