Kroger confirmed Feb. 19 that some pharmacy customers may be affected by Accellion's data breach, which they employed for third-party file transfers.
On Jan. 23, Kroger learned that an unauthorized user gained access to Kroger's pharmacy and money services files by manipulating a vulnerability in Accellion's file transfer service.
Following the breach, Kroger stopped using Accellion's services and initiated an investigation to discover the breadth of the incident.
Kroger said it believes less than 1 percent of customers were affected. In addition, former and current employee human resources records may have been impacted.
Customer account passwords, credit and debit card information were not affected.
While Kroger has no indication of fraud or misuse of personal information as a result of this incident, out of an abundance of caution Kroger has arranged to offer credit monitoring to all affected individuals at no cost to them.