BOSTON (AP) –
Kroger Co. says it is among several victims of a data breach involving a third-party vendor’s file transfer service and is notifying potentially affected customers by offering them free credit monitoring.
The Cincinnati supermarket and pharmacy chain said in a statement on Friday who believes that less than 1% of his customers have been affected – specifically some using his Health and Money Services – as well as some current and former employees because several personnel records have apparently been viewed.
Kroger said the breach did not affect the IT systems at Kroger stores, nor the systems or data at supermarkets, and there is no indication that fraud has occurred involving personal data accessed.
The company, which has 2,750 retail food stores and 2,200 pharmacies across the country, did not immediately answer questions, including how many customers may have been affected.
Kroger said he was among the victims of the December hack of a file transfer product called FTA developed by Accellion, a California-based company, and who was notified of the incident on January 23, when he stopped using Accellion’s services. . Companies use the file transfer product to share large amounts of data and large e-mail attachments.
Accellion has more than 3,000 customers worldwide. He said the affected product was 20 years old and was nearing the end of its useful life. The company said on February 1 which fixed all known FTA vulnerabilities.
Other Accellion customers affected by the hack include the University of Colorado, Washington State Auditor, Australia’s financial regulator, the Reserve Bank of New Zealand and the prominent US law firm Jones Day.
For the Washington State auditor, the hack was particularly serious. The files of 1.6 million complaints obtained in its massive unemployment fraud investigation last year were exposed.
In the case of Jones Day, cybercriminals looking to extort the law firm dumped about 85 gigabytes of data online, they claimed to have stolen.
Former President Donald Trump is among Jones Day’s clients, but the criminals told the Associated Press via email that none of the data was related to him.