New York City Aldi said the names, account numbers and secret codes of customers in 11 states were exposed to potential theft when they used payment cards at machines that had been tampered with, the Associated Press reported.
The company said in a statement Friday that altered payment terminals were illegally placed in some stores between June 1 and Aug. 31.
Aldi spokeswoman Michelle Williams declined to say how many stores or machines or customers were affected or describe any resulting thefts.
Police in the town of St. Charles, Ill., told The Associated Press they've received 32 reports of debit-card fraud from people who had shopped at Aldi.
Aldi operates more than 1,100 U.S. stores in 31 states from Kansas to the eastern seaboard.
In its statement, the second that Aldi has released about the breach, the company says it believes it has removed all the affected machines from stores, and it has adopted new security measures that Williams declined to detail.
The company said it does not believe that any employees were involved with the fraud.
The breach affected stores in parts of Connecticut; Georgia; Illinois; Indiana; Maryland; New Jersey; New York; North Carolina; Pennsylvania; South Carolina and Virginia.
The company is encouraging customers to carefully review and monitor their debit- and payment-card statements and their credit reports for unusual activity.
Customers who believe their payment cards were affected should immediately contact their bank or payment card company and local law-enforcement authorities, Aldi said.