Boston (Kroger Co.) said that this is one of multiple victims of a data breach involving a third-party provider’s file transfer service, and it is notifying potentially affected customers and providing them with free credit monitoring.
The Cincinnati-based grocery and pharmacy chain said in a statement Friday that it believes less than 1% of its customers have been affected-especially some customers who use its health and money services-as well as some current and former employees. , Because many personnel records have obviously been read.
Kraug blocks more locations in Seattle hazard pay authorization
Kroger said the vulnerability did not affect the IT system or grocery store system or data of Kroger stores, and there is no indication that fraud involving access to personal data has occurred.
The company has 2,750 grocery retail stores and 2,200 pharmacies across the country, but did not immediately answer questions including how many customers might be affected.
Kroger said that this was the victim of a hacker attack on a file transfer product called FTA developed by California-based Accellion in December, and he was notified of the incident when it stopped using Accellion’s services on January 23. Companies use file transfer products to share large amounts of data and large amounts of email attachments.
Click here to read more about FOX business
Accellion has more than 3,000 customers worldwide. It is said that the affected product has a history of 20 years and is close to its service life. The company said on February 1 that it had patched all known FTA vulnerabilities.
Other Accellion clients that were hacked included the University of Colorado, Washington State auditors, Australian financial regulators, the Reserve Bank of New Zealand, and the well-known US law firm Jones Day.
For auditors in Washington State, this hacking attack was particularly serious. A large-scale unemployment fraud investigation opened last year resulted in 1.6 million claims documents.
In the case of Jones Day, cybercriminals trying to blackmail the law firm claimed to have stolen about 85 GB of data online.
Former President Donald Trump was one of “Jones Day” customers, but the criminal told the Associated Press via email that there was no data related to him.