BOSTON — Kroger Co. claims individual information, consisting of Social Security varieties of a few of its drug store and also facility clients, might have been taken in the hack of a third-party supplier’s file-transfer solution.
The Cincinnati-based grocery store and also drug store chain stated in a statement Friday that it thinks much less than 1% of its clients were influenced — especially some utilizing its Health and also Money Services — in addition to some present and also previous workers since a variety of workers documents were obviously watched.
It claims it is alerting those possibly affected, using totally free credit-monitoring.
Kroger stated the violation did not influence Kroger shops’ IT systems or supermarket systems or information and also there has actually until now been no indicator of scams entailing accessed individual information.
The firm, which has 2,750 grocery store stores and also 2,200 drug stores across the country, stated Sunday in action to inquiries from The Associated Press that an examination right into the range of the hack was continuous.
A Kroger spokesperson stated through e-mail that influenced individual info might consist of “names, e-mail addresses, contact number, house addresses, days of birth, Social Security numbers” as well as information on health insurance, prescriptions and medical history.
Federal law requires organizations that handle personal healthcare information to inform the Department of Health and Human Services of any data breaches.
Kroger said it was among victims of the December hack of a file-transfer product called FTA developed by Accellion, a California-based company, and that it was notified of the incident on Jan. 23, when it discontinued use of Accellion’s services. Companies use the file-transfer product to share large amounts of data and hefty email attachments.
Accellion has more than 3,000 customers worldwide. It has said that the affected product was 20 years old and nearing the end of its life. The company said on Feb. 1 that it had patched all known FTA vulnerabilities.
Other Accellion customers affected by the hack include the University of Colorado, Washington State’s auditor, Australia’s financial regulator, the Reserve Bank of New Zealand and the prominent U.S. law firm Jones Day.
For Washington State’s auditor, the hack was particularly serious. Exposed were files on 1.6 million claims obtained in its investigation of massive unemployment fraud last year.
In the case of Day, cybercriminals seeking to extort the law firm dumped an estimated 85 gigabytes of data online they claimed to have stolen.
Former President Donald Trump is among Day’s clients but the criminals told the AP via email that none of the data was related to him. The AP reached out to the criminals with questions via email on the dark website where they posted documents stolen from the law firm.
It is not known if the criminals extorting Day were also responsible for the Accellion hack.