[ad_1]
BOSTON – Kroger Co. claims that personal data, including social security numbers of some of its pharmacy and clinic customers, may have been stolen as part of the hack into a third-party file transfer service.
The Cincinnati-based grocery and drugstore chain, whose subsidiaries include Fred Meyer and QFC in the Pacific Northwest, said in a statement Friday that it believes less than 1% of its customers have been affected – especially some using its health and money services – as well. like some current and former employees because a number of personal files have apparently been accessed.
He says he’s notifying those potentially affected, offering free credit monitoring.
Kroger said the breach did not affect computer systems or grocery systems or data at Kroger stores, and so far there was no indication of fraud involving access to personal data.
The company, which has 2,750 grocery stores and 2,200 pharmacies nationwide, said Sunday in response to questions from The Associated Press that an investigation into the scope of the hack was underway.
A spokeswoman for Kroger said via email that patient information could include “names, email addresses, phone numbers, home addresses, dates of birth, social security numbers” as well as information on health insurance, prescriptions and medical history.
Federal law requires organizations that process personal health information to notify the Department of Health and Human Services of any data breach.
Kroger said he was among the victims of the December hack of a file transfer product called FTA developed by Accellion, a California-based company, and was made aware of the incident on January 23, when ‘he has stopped using Accellion’s services. Businesses use the file transfer product to share large amounts of data and large attachments.
Accellion has more than 3,000 customers around the world. He said the affected product was 20 years old and was near the end of its life. The company said on February 1 that it fixed all known vulnerabilities in FTA.
Other Accellion clients affected by the hack include the University of Colorado, the Washington State auditor, the Australian financial regulator, the Reserve Bank of New Zealand, and prominent US law firm Jones Day. .
For the Washington state auditor, the hack was particularly serious. The files of 1.6 million compensation claims obtained as part of its investigation into massive unemployment fraud last year have been exposed.
In Day’s case, cybercriminals seeking to extort the law firm dumped around 85 gigabytes of data online that they claimed to have stolen.
Former President Donald Trump is among Day’s clients, but criminals told the AP by email that none of the data was linked to him. The AP contacted the criminals with questions via email to the dark website where they posted documents stolen from the law firm.
It’s unclear whether the criminals extorting Day were also responsible for the Accellion hack.
[ad_2]
Source link