BOSTON (AP) — Kroger Co. says personal data, including Social Security numbers of some of its pharmacy and clinic customers, may have been stolen in the hack of a third-party vendor’s file-transfer service.
The Cincinnati-based grocery and pharmacy chain said in a statement Friday that it believes less than 1% of its customers were affected — specifically some using its Health and Money Services — as well as some current and former employees because a number of personnel records were apparently viewed.
It says it is notifying those potentially impacted and offering free credit monitoring.
Kroger said the breach did not affect Kroger stores’ IT systems or grocery store systems or data, and there has so far been no indication of fraud involving the accessed personal data.
The company, which has 2,750 grocery retail stores and 2,200 pharmacies nationwide, said Sunday in response to questions from The Associated Press that an investigation into the scope of the hack was ongoing.
A Kroger spokeswoman said via email that affected patient information could include “names, email addresses, phone numbers, home addresses, dates of birth, Social Security numbers” as well as information on health insurance, prescriptions and medical history.
Federal law requires organizations that handle personal healthcare information to inform the Department of Health and Human Services of any data breaches.
Kroger said it was among victims of the December hack of a file-transfer product called FTA developed by Accellion, a California-based company, and that it was notified of the incident on Jan. 23, when it discontinued use of Accellion’s services. Companies use the file-transfer product to share large amounts of data and hefty email attachments.
Accellion has more than 3,000 customers worldwide. It has said that the affected product was 20 years old and nearing the end of its life. The company said on Feb. 1 that it had patched all known FTA vulnerabilities.
Other Accellion customers affected by the hack include the University of Colorado, Washington State’s auditor, Australia’s financial regulator, the Reserve Bank of New Zealand and the prominent U.S. law firm Jones Day.
For Washington State’s auditor, the hack was particularly serious. Exposed were files on 1.6 million claims obtained in its investigation of massive unemployment fraud last year.
In the case of Jones Day, cybercriminals seeking to extort the law firm dumped an estimated 85 gigabytes of data online they claimed to have stolen.
Former President Donald Trump is among Jones Day’s clients but the criminals told the AP via email that none of the data was related to him. The AP reached out to the criminals with questions via email on the dark web site where they posted documents stolen from the law firm.
It’s not known if the criminals extorting Jones Day were also responsible for the Accellion hack.