Grocery and pharmacy chain Kroger has started informing customers and associates of a data breach involving Accellion’s file transfer service FTA.
The Cincinnati-based retail company operates more than 2,900 locations across 35 states and the District of Columbia, including department stores, hypermarkets, jewelry stores, supermarkets, and superstores.
In a data breach notification on its website, the company says that a data security incident involving Accellion’s FTA service has resulted in unauthorized access to certain Kroger data.
According to Kroger, information that might have been affected by the incident includes associates’ HR data, pharmacy records, and money services records.
“No grocery store data or systems, credit or debit card (including digital wallet) information, or customer account passwords were impacted,” the company underlines.
Kroger said it was informed of the incident on January 23 and that it has since discontinued the use of FTA, launched an investigation into the incident, and also contacted federal law enforcement on the matter.
“Kroger has no indication of fraud or misuse of personal information as a result of this incident. However, Kroger is directly notifying potentially impacted customers and associates through mail notices,” the company says.
Meant to provide secure file transfers, the FTA service was found recently to be riddled with vulnerabilities that allowed adversaries to access certain information of Accellion’s customers.
Less than 50 organizations were using the file sharing service in mid-December, when the first vulnerabilities were discovered, but the number of affected individuals has at least seven figures.
Accellion has formally announced plans to retire FTA, a 20-year-old service, saying that it would honor ongoing li ..