Instacart Reveals Third Party Employees Accessed Customer Data

Instacart has reported a security incident in which two employees working for a third party vendor accessed its customers’ personal information. The company noted these individuals “reviewed more shopper profiles than was necessary in their roles as support agents.”

Information potentially viewed includes customer names, email addresses, telephone numbers, driver’s license numbers and thumbnail images of the driver’s licenses.

The grocery delivery and pick-up firm said that following a thorough investigation, conducted with a forensic analysis company, it has concluded that “no shopper data was stored, downloaded or digitally copied in any way.”

Instacart has since emailed the 2180 shoppers affected to notify them of the incident and the preventative measures taken. It is also offering two years of free credit monitoring and protection to these shoppers.

The company added that it has worked with the third party to ensure the two employees never work on behalf of Instacart again and has also suspended work at the particular third party support location.

For those shoppers who believe they have been impacted by the incident, Instacart said it is introducing a new dedicated shopper support process, and to help prevent such incidents occurring in the future, it is adding two-factor authentication to more aspects of the Shopper app.

Commenting on Instacart's statement, Keith Geraghty, solutions architect at Edgescan, said: “You can conduct all the vetting in the world of your employees, but it is not a sure fire way to protect yourself from these type of issues. What will help is good compliance standards. In technical terms, that means enforcing least privilege, keeping and reviewing log ..

Support the originator by clicking the read the rest link below.