Kroger is the latest victim of a third-party software data breach

Kroger Co. says it is among several victims of a data breach involving a third-party vendor’s file transfer service

BOSTON – Kroger Co. says it was among several victims of a data breach involving a third-party vendor’s file transfer service and is notifying potentially affected customers, offering them free credit monitoring.

The Cincinnati-based supermarket and pharmacy chain said in a statement on Friday that it believes less than 1% of its customers were affected, specifically some using its health and money services, as well as some current and former employees, because a number of personnel records were apparently viewed.

Kroger said the breach did not affect the IT systems at Kroger stores, nor the systems or data at supermarkets, and that there is no indication that fraud has occurred involving the personal data accessed.

The company, which has 2,750 retail food stores and 2,200 pharmacies across the country, did not immediately answer questions, including how many customers may have been affected.

Kroger said it was among the victims of the December hack of a file transfer product called FTA, developed by Accellion, a California-based company, and that it was notified of the incident on January 23, when it stopped using Accellion’s services. Companies use the file transfer product to share large amounts of data and large e-mail attachments.

Accellion has more than 3,000 customers worldwide. It said the affected product was 20 years old and was nearing the end of its useful life. The company said on February 1 that it had fixed all known vulnerabilities in the FTA.

Other Accellion clients affected by the hack include the University of Colorado, the Washington State auditor, Australia’s financial regulator, the Reserve Bank of New Zealand and the prominent American law firm Jones Day.

For the Washington State auditor, the hack was particularly serious. The files of 1.6 million complaints obtained in its massive unemployment fraud investigation last year were exposed.

In the case of Jones Day, cybercriminals looking to extort the law firm dumped about 85 gigabytes of data online that they claimed to have stolen.

Former President Donald Trump is among Jones Day’s clients, but the criminals told the Associated Press via email that none of the data was related to him.
