Kroger warns pharmacy customers’ personal data may have been stolen in hack
Some Kroger pharmacy customers’ data may have been stolen after hackers accessed a vendor’s file-transfer service, the grocery store chain said Friday.
While fewer than 1 percent of customers are believed to have been affected by the breach, the hackers also apparently viewed some current and former employees’ personnel records, according to The Associated Press.
Compromised information could include “names, email addresses, phone numbers, home addresses, dates of birth, Social Security numbers,” a spokeswoman told the AP. The company said it is informing anyone who may have been affected and offering them free credit monitoring. No stores’ IT or grocery store systems are believed to have been accessed.
Under federal law, the company was required to report its breach to the Department of Health and Human Services.
File-transfer product FTA was breached in December, and the grocery chain was informed the hack affected its data on Jan. 23, according to the AP. Accellion, which developed FTA, has more than 3,000 customers worldwide, including the University of Colorado, the auditor of the state of Washington and Australia’s financial regulation body, according to the AP.
Accellion, meanwhile, has said the product affected by the hack was about two decades old.
The hackers also accessed the law firm Jones Day. A group of hackers later dumped about 85 gigabytes of data stolen from the law firm online as part of an extortion scheme, but it is unclear whether it was the same hackers involved in the Accellion hack.
Although Day’s clients include former President Trump, the hackers have claimed none of his data was made public.