Kroger, a titan in the US supermarket industry, is the latest company to fall victim to a data breach. In this case, the breach came about via a third-party service the company utilized called Accellion FTA.
Hackers were able to exploit a Zero-Day vulnerability in that software and use it to steal data from vendors using it. Kroger wound up in the crosshairs.
Kroger's official statement in response to the breach reads in part as follows:
"At this time, based on the information provided by Accellion and our own investigation, Kroger believes the categories of affected data may include certain associates' HR data, certain pharmacy records, and certain money services records.
Importantly, there was no impact to grocery store data or systems; credit or debit card information; or customer account passwords."
While it is good news indeed that no payment card information was stolen, the Federal government takes a dim view of anyone who loses control over medical information of any type. So this may land both companies in hot water, depending on the final findings of the investigation into the matter.
In any case, if you are a Kroger shopper, and especially if you make use of Kroger's pharmacy, be aware that some of your personal information may be compromised. That means that in the weeks and months ahead, you may be targeted by phishing emails in a bid to get enough information from you so that the hackers can steal your identity. Be on your guard against that.
It's also worth noting that Kroger is a big company, employing more than half a million people in nearly 3000 locations, nationwide, and with sales in excess of $122 billion. That's significant because it underscores that no company, regardless of how big, is safe from the hackers of the world. Stay vigilant, the year is still young.
About the Author
Marty Parker
Owner & General Manager
Marty is the Owner and General Manager of Heritage Digital. Marty has managed and built high-performing IT teams for over 30 years. He served 13 years in the manufacturing industry and 13 years in corporate-owned healthcare organizations. Before acquiring Heritage Digital, Marty was the Chief Information Officer of Carolinas Hospital System (now MUSC Health Florence Medical Center) in Florence, SC. Marty is passionate about educating and protecting people against cybercriminals.
