Kroger Co. says he was among the multiple victims of a data breach involving a third-party file transfer service
BOSTON – Kroger Co. says it has been among the multiple victims of a data breach involving a third-party file transfer service and notifies potentially affected customers by offering them free credit monitoring.
The Cincinnati food and pharmacy chain said in a statement Friday that it believes less than 1 percent of its customers have been affected – especially some who use its health and money services – as well as some current and former employees. , because an apparently viewed was recorded.
Kroger stated that the breach did not affect the computer systems of Kroger stores or the systems or data of grocery stores and there is no indication that fraud involving personal data was accessed.
The company, which has 2,750 grocery stores and 2,200 pharmacies nationwide, did not immediately answer questions, including how many customers could have been affected.
Kroger said he was among the victims of the December hacking of a file transfer product called FTA developed by Accellion, a California company, and that he was notified of the incident on Jan. 23, when he stopped using Accellion services. Companies use the file transfer product to share large amounts of data and strong email attachments.
Accellion has over 3,000 customers worldwide. He said the affected product was 20 years old and nearing the end of its life. The company said on February 1 that it had fixed all known FTA vulnerabilities.
Other Accellion clients affected by the hack include the University of Colorado, the Washington State Auditor, the Australian Financial Regulatory Authority, the Reserve Bank of New Zealand and the American law firm Jones Day.
For the Washington state auditor, the hack was particularly serious. The files with 1.6 million applications obtained in his investigation of massive unemployment fraud last year were exposed.
In the case of Jones Day, cybercriminals who wanted to extort the law firm threw about 85 gigabytes of online data that they claimed to have stolen.
Former President Donald Trump is among Jones Day’s clients, but criminals told the Associated Press via email that none of the data is related to him.