Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Supermarket Chain Kroger Discloses Data Breach

Grocery and pharmacy chain Kroger has started informing customers and associates of a data breach involving Accellion’s file transfer service FTA.

The Cincinnati-based retail company operates more than 2,900 locations across 35 states and the District of Columbia, including department stores, hypermarkets, jewelry stores, supermarkets, and superstores.

Grocery and pharmacy chain Kroger has started informing customers and associates of a data breach involving Accellion’s file transfer service FTA.

The Cincinnati-based retail company operates more than 2,900 locations across 35 states and the District of Columbia, including department stores, hypermarkets, jewelry stores, supermarkets, and superstores.

In a data breach notification on its website, the company says that a data security incident involving Accellion’s FTA service has resulted in unauthorized access to certain Kroger data.

According to Kroger, information that might have been affected by the incident includes associates’ HR data, pharmacy records, and money services records.

“No grocery store data or systems, credit or debit card (including digital wallet) information, or customer account passwords were impacted,” the company underlines.

Kroger said it was informed of the incident on January 23 and that it has since discontinued the use of FTA, launched an investigation into the incident, and also contacted federal law enforcement on the matter.

“Kroger has no indication of fraud or misuse of personal information as a result of this incident. However, Kroger is directly notifying potentially impacted customers and associates through mail notices,” the company says.

Meant to provide secure file transfers, the FTA service was found recently to be riddled with vulnerabilities that allowed adversaries to access certain information of Accellion’s customers.

Advertisement. Scroll to continue reading.

Less than 50 organizations were using the file sharing service in mid-December, when the first vulnerabilities were discovered, but the number of affected individuals has at least seven figures.

Accellion has formally announced plans to retire FTA, a 20-year-old service, saying that it would honor ongoing license agreements past the end-of-life point, which has been set for April 30, 2021.

The Australian Securities and Investments Commission (ASIC), the Office of the Washington State Auditor (SAO), the Reserve Bank of New Zealand, and Singapore telecoms firm Singtel were among the organizations affected by the cyber-attack on FTA.

Prominent U.S.-based law firm Jones Day was also affected, and some of the information stolen from the organization was recently leaked online by the Clop ransomware gang, which is believed to be linked to the financially-motivated, Russian-speaking group known as TA505 and Hive0065.

Related: Enterprise Solutions Provider ‘Software AG’ Hit by Clop Ransomware

Related: Clothing Brand Bonobos Notifies Users of Data Breach

Related: Kawasaki Says Data Possibly Stolen in Security Breach

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join SecurityWeek and Hitachi Vantara for this this webinar to gain valuable insights and actionable steps to enhance your organization's data security and resilience.

Register

Event: ICS Cybersecurity Conference

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Register

People on the Move

Tim McKnight has joined UnitedHealth Group as CISO following the Change Healthcare ransomware attack.

Zach Furness has joined MITRE as CISO.

Gregg R. Kendrick has been named CISO at Vanderbilt University.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.