On its website the company, which includes Raley's, Nob Hill, Food Source stores and Aisle One fuel stations, the firm called the attack "complex," and said it is trying to determine if customer data has been compromised.
"At this time, the company has not confirmed any unauthorized access to payment card data, but its investigation remains ongoing," a statement on the company's website says. "Raley's does not believe that debit PINs could have been accessed."
The company has taken "a series of immediate steps" to enhance security measures already in place to protect customer data, and says "customers can continue using their payment cards in its stores."
The website notes that the company does not collect Social Security or driver's license numbers, and issued a list of steps customers should take:
* Check and monitor your bank and credit card statements for evidence of unauthorized transactions;
* Contact your bank or credit card company if you identify suspicious charges; and
* Know that cardholders are not held responsible for fraudulent charges made by unauthorized parties if reported promptly to the card issuer.
Raley's has a response team to answer customer questions and will provide customers updates as they become available.
"We are working around the clock to gather details to determine the extent of any possible compromise of customer information," a statement from Raley's President and CEO Mike Teel said.
Customers can reach Raley's response team from 7 a.m. to 10 p.m. daily at (800) 925-9989 or at Raleys.com.