Spammers targeting Kroger customers in the US

According to security researcher Brian Krebs, Kroger has contacted the customers concerned and is advising them to call a 1-800 phone line for recorded advice.

"A call to the 1-800 number included in the missive connects to a lengthy recorded message warning customers about an increase in phishing attacks and spam targeting Kroger customers", he said in his latest security blog.

Krebs goes on to note that the disclosure follows on from similar acknowledgements from McDonald's, Walgreens, Honda, deviantART, and most recently Play.com.

"They appear to be the lingering fallout from a series of sophisticated, targeted attacks against dozens of email service providers (ESPs) that manage communications between some of the world's top brands and customers that have opted-in to receive messages from these companies", he explained.

In most cases, says Krebs, the spam sent to customers of these companies is promoting 'dodgy' services and software, although he adds that it is clear which email service provider may have leaked the Kroger customer information, but it seems that few - if any - ESPs have escaped injury.

In his research into the Kroger supermarket email database hack, the security researcher says that he called a marketing company named SilverPop because a source forwarded a junk email message which appears to have been sent directly from the firm's internal email systems.

"The missive is an offer to download Adobe Reader, and recipients who click the included link are brought to a page that tries to charge them for the free software. This approach is almost identical to the scam emails sent out directly after the successful attacks against email services providers in November of last year", he said.

"My initial reporting on this attack against the email service provider industry indicates that most of the providers in the industry had client customer data stolen", he added.

Krebs went on to say that a weekend story in the Cincinnati Business Courier claims the breach occurred at Epsilon, an email service provider headquartered in Dallas.
 
