Ace Mart Restaurant Supply Discloses Data Breach Affecting Customers, Restaurant Clients

Ace Mart Restaurant Supply reported a data breach to the Attorney General of Texas on Feb. 17, 2026, saying sensitive personally identifiable information in its systems may have been accessed by an unauthorized third party. Strauss Borrelli PLLC, which posted a notice about the incident, said Ace Mart “has begun providing notice to impacted individuals” but that the company had not publicly released further details as of Feb. 18, 2026.

Strauss Borrelli quotes the text of the Attorney General filing when listing the types of data that “may” have been exposed. The law firm wrote: “While the information impacted varies depending on the individual, the type of information potentially exposed includes: Name Social Security number Driver’s license number Financial information (account number, credit or debit card number) [...]” Strauss Borrelli also stated that “the Ace Mart data breach involved sensitive personal information belonging to an undetermined number of individuals.”

The law firm has opened an investigation and is soliciting contacts from people who received breach notification letters from Ace Mart. Strauss Borrelli’s notice instructs affected parties: “If you received a breach notification letter from Ace Mart Restaurant Supply: We would like to speak with you about your rights and potential legal remedies in response to this data breach. Please fill out the form, below, or contact us at 872.263.1100 or sam@straussborrelli.com.” That phone number and email are provided in the firm’s public advisory.

Ace Mart is described in reporting as “a supplier and vendor to restaurants and hospitality operators.” Industry-tracking outlets and at least one class-action notice flagged the incident in the immediate aftermath of the Feb. 17 disclosure. What remains unclear from the Attorney General filing and the law firm’s summary is the scope and technical nature of the intrusion: Strauss Borrelli’s materials do not specify how long unauthorized access may have occurred, whether files were exfiltrated, whether full cardholder data or CVV numbers were exposed, or whether Ace Mart has contracted forensic vendors or is offering credit monitoring to impacted individuals.

Restaurants and hospitality operators that do business with Ace Mart should preserve any notification letters and transaction records and request the full breach report Ace Mart filed with the Texas Attorney General. Strauss Borrelli’s contact details above provide one path for legal inquiry; the Attorney General’s public breach report should list the dates of unauthorized access, the categories of data involved, and the company’s stated remediation steps.

Separately, materials in the reporting set describe a different cyberattack affecting Ace Hardware, the Oak Brook, Illinois-based retailer, in which CEO John Venhuizen told franchise owners that “many of our key operating systems, including ACENET, our Warehouse Management Systems, the Ace Retailer Mobile Assistant (ARMA), Hot Sheets, Invoices, Ace Rewards and the Care Center's phone system have been interrupted or suspended. More specifically, the impact of this incident is resulting in disruptions to your shipments.” That Ace Hardware incident included reporting of roughly 1,400 servers and 3,500 networked devices across the network and is not linked in available materials to the Ace Mart breach.