Kroger: Some pharmacy customer data impacted in vendor hack
Kroger Co. says personal data, including Social Security numbers of some of its pharmacy and clinic customers, might have been stolen in the hack of a third-party vendor’s file-transfer service
By FRANK BAJAK AP Technology Writer
February 21, 2021, 5:34 PM
BOSTON — Kroger Co. says personal data, including Social Security numbers of some of its pharmacy and clinic customers, might have been stolen in the hack of a third-party vendor’s file-transfer service.
The Cincinnati-based grocery and pharmacy chain said in a statement Friday that it believes less than 1% of its customers were affected — specifically some using its Health and Money Services — as well as some current and former employees because a number of personnel records were apparently viewed.
It says it’s notifying those potentially impacted, offering free credit monitoring.
Kroger said the breach didn’t affect Kroger stores’ IT systems or grocery store systems or data and there has so far been no indication of fraud involving accessed personal data.
The company, which has 2,750 grocery retail stores and 2,200 pharmacies nationwide, said Sunday in response to questions from The Associated Press that an investigation into the scope of the hack was ongoing.
A Kroger spokeswoman said via email that affected patient information might include “names, email addresses, phone numbers, home addresses, dates of birth, Social Security numbers” as well as information on health insurance, prescriptions and medical history.
Federal law requires organizations that handle personal healthcare information to inform the Department of Health and Human Services of any data breaches.
Kroger said it was among victims of the December hack of a file-transfer product called FTA developed by Accellion, a California-based company, and that it was notified of the incident on Jan. 23, when it discontinued use of Accellion’s services. Companies use the file-transfer product to share large amounts of data and hefty email attachments.
Accellion has more than 3,000 customers worldwide. It has said that the affected product was 20 years old and nearing the end of its life. The company said on Feb. 1 that it had patched all known FTA vulnerabilities.
Other Accellion customers affected by the hack include the University of Colorado, Washington State’s auditor, Australia’s financial regulator, the Reserve Bank of New Zealand and the prominent U.S. law firm Jones Day.
For Washington State’s auditor, the hack was particularly serious. Exposed were files on 1.6 million claims obtained in its investigation of massive unemployment fraud last year.
In the case of Jones Day, cybercriminals seeking to extort the law firm dumped an estimated 85 gigabytes of data online they claimed to have stolen.
Former President Donald Trump is among Jones Day’s clients but the criminals told the AP via email that none of the data was related to him. The AP reached out to the criminals with questions via email on the dark web site where they posted documents stolen from the law firm.
It isn’t known if the criminals extorting Jones Day were also responsible for the Accellion hack.