On Jan. 23, Kroger learned that an unauthorized user gained access to Kroger’s pharmacy and money services files by manipulating a vulnerability in Accellion’s file transfer service.
Following the breach, Kroger stopped using Accellion’s services and initiated an investigation to discover the breadth of the incident.
Kroger said it believes less than 1 percent of customers were affected. In addition, former and current employee human resources records may have been impacted.
Customer account passwords, credit and debit card information were not affected.
While Kroger has no indication of fraud or misuse of personal information as a result of this incident, out of an abundance of caution Kroger has arranged to offer credit monitoring to all affected individuals at no cost to them.
More articles on cybersecurity:
IT vendor pays ransom to recover nearly 30,000 patients’ data stolen from California clinic, surgery center
New Mexico hospital’s computer network hacked
Facebook stops collection of user health data after New York investigation