Boston (Associated Press)-
Kroger Co. stated that this is one of the many victims of a data breach involving a third-party provider’s file transfer service, and it is notifying potentially affected customers and providing them with free credit monitoring.
The Cincinnati-based grocery and pharmacy chain said in a statement Friday It believes that less than 1% of its customers are affected-especially some customers who use its health and monetary services-as well as some current and former employees, because it apparently viewed many personnel records.
Kroger stated that the vulnerability did not affect the IT system or grocery store system or data of Kroger stores, and there is no indication that fraud involving access to personal data has occurred.
The company has 2,750 grocery retail stores and 2,200 pharmacies across the country, but did not immediately answer questions including how many customers might be affected.
Kroger said that this was the victim of a hacker attack on a file transfer product called FTA developed by Accellion in California in December, and was notified of the incident when the Accellion service was stopped on January 23. Companies use file transfer products to share large amounts of data and large amounts of email attachments.
Accellion has more than 3,000 customers worldwide. It is said that the affected product has a history of 20 years and is close to its service life.The company said on February 1
Other Accellion customers affected by the hack include the University of ColoradoAuditor in Washington State Australia’s financial regulator, the Reserve Bank of New Zealand and the well-known American law firm Jones Day (Jones Day).
For auditors in Washington State, this hacking attack was particularly serious. A large-scale unemployment fraud investigation opened last year resulted in 1.6 million claims documents.
In the case of Jones Daily, cybercriminals who tried to blackmail the law firm dumped about 85 GB of data They claimed to have been stolen online.
Former President Donald Trump was one of “Jones Day” customers, but the criminal told the Associated Press via email that there was no data related to him.