CINCINNATI – Kroger confirmed Friday that it was affected by a data breach involving Accellion, Inc., a provider used by third-party providers for secure file transfers.
“Kroger believes that certain employee HR data, certain pharmacy records, and certain monetary service records are affected,” the company said on its website.
The company estimates that less than 1% of its customers were affected. The breach has no impact on IT systems or systems or data from grocery stores, Kroger said. No credit, debit card, or digital wallet information was affected, nor was customer account passwords used.
While Kroger said there was no indication of “fraud or misuse of personal information” as a result of the breach, the company is notifying potentially affected customers and employees via email. They also offer these individuals free credit monitoring “out of caution”.
The company said that Accellion informed Kroger on Jan. 23 that an unauthorized person had gained access to certain Kroger files by exploiting a vulnerability in Accellion’s file transfer service.
Since then, Kroger has ceased using Accellion’s services, reported the incident to federal law enforcement agencies, and initiated its own forensic investigation.
If you have any questions about the violation, you can reach Kroger’s dedicated call center at 1 (855) 558-2999 Monday through Friday between 6 a.m. and 8 p.m. and on weekends from 8 a.m. to 5 p.m.
More information can be found here.