US grocery and pharmacy chain’s customer data impacted in vendor hack


Kroger Co says it was among the multiple victims of a data breach involving a third-party vendor’s file-transfer service and is notifying potentially impacted customers, offering them free credit monitoring. The Cincinnati-based grocery and pharmacy chain said in a statement on Feb 19, 2021, that it believes less than 1% of its customers were affected, specifically some using its Health and Money Services, as well as some current and former employees because a number of personnel records were apparently viewed. — AP

BOSTON: Kroger Co says personal data, including Social Security numbers of some of its US pharmacy and clinic customers, may have been stolen in the hack of a third-party vendor’s file-transfer service.

The Cincinnati-based grocery and pharmacy chain said in a statement Friday that it believes less than 1% of its customers were affected – specifically some using its Health and Money Services – as well as some current and former employees because a number of personnel records were apparently viewed.

It says it is notifying those potentially impacted, offering free credit-monitoring.

Kroger said the breach did not affect Kroger stores’ IT systems or grocery store systems or data and there has so far been no indication of fraud involving accessed personal data.

The company, which has 2,750 grocery retail stores and 2,200 pharmacies nationwide, said Sunday in response to questions from The Associated Press that an investigation into the scope of the hack was ongoing.

A Kroger spokeswoman said via email that affected patient information could include “names, email addresses, phone numbers, home addresses, dates of birth, Social Security numbers” as well as information on health insurance, prescriptions and medical history.

Federal law requires organisations that handle personal healthcare information to inform the US Department of Health and Human Services of any data breaches.

Kroger said it was among victims of the December hack of a file-transfer product called FTA developed by Accellion, a California-based company, and that it was notified of the incident on Jan 23, when it discontinued use of Accellion’s services. Companies use the file-transfer product to share large amounts of data and hefty email attachments.

Accellion has more than 3,000 customers worldwide. It has said that the affected product was 20 years old and nearing the end of its life. The company said on Feb 1 that it had patched all known FTA vulnerabilities.

Other Accellion customers affected by the hack include the University of Colorado, Washington State’s auditor, Australia’s financial regulator, the Reserve Bank of New Zealand and the prominent US law firm Jones Day.

For Washington State’s auditor, the hack was particularly serious. Exposed were files on 1.6 million claims obtained in its investigation of massive unemployment fraud last year.

In the case of Day, cybercriminals seeking to extort the law firm dumped an estimated 85 gigabytes of data online they claimed to have stolen.

Former US president Donald Trump is among Day’s clients but the criminals told the AP via email that none of the data was related to him. The AP reached out to the criminals with questions via email on the dark website where they posted documents stolen from the law firm.

It is not known if the criminals extorting Day were also responsible for the Accellion hack. – AP

Article type: metered
User Type: anonymous web
User Status:
Campaign ID: 18
Cxense type: free
User access status: 3
   

Did you find this article insightful?

Yes
No

Next In Tech News

Used electric car batteries are heading to factories and farms
Sony to open PlayStation 5 for storage upgrades in summer
Samsung Galaxy Buds Pro: All set to make waves
The school leader getting New Mexico’s tribes online
Sharing ‘deepfake’ porn images should be a crime, says British law body
Electronic Arts cancels ‘Gaia’ game after years in development
Factbox: Keeping fintech in Britain fit after Brexit
Britain sets out blueprint to keep fintech 'crown' after Brexit
Former Kuaishou executive arrested for alleged corruption amid anti-bribery pressure on China’s Big Tech
Facebook launches PR campaign to defend targeted ads in spat with Apple

Stories You'll Enjoy


Vouchers