Kroger has confirmed it was among the companies affected by the data security incident that hit Accellion, according to a press release. An unauthorized person gained access to certain company files.
The release stated this incident was confined only to Accellion, not affecting Kroger stores or its IT systems.
Kroger was informed of the attack on Jan. 23 and discontinued its use of Accellion’s services, according to the release. The company then reported the incident to federal law enforcement and did its own investigation into the scope and impact that the hack could have had.
The release stated that as of Sunday (Feb. 21), the company has consulted Accellion’s data and its own, and it has concluded that less than 1 percent of customers for Kroger Health and Money Services were impacted.
Additionally, current and some former associates will be notified that some human resources records were impacted, the release stated.
“Protecting data is a priority for the Kroger Family of Companies, and it is directly contacting all customers and associates who may have been affected to inform them of the incident,” the release stated. “While Kroger has no indication of fraud or misuse of personal information as a result of this incident, out of an abundance of caution, Kroger has arranged to offer credit monitoring to all affected individuals at no cost to them.”
The attack comes as the Securities and Exchange Commission (SEC) has warned of an increasing amount of cyberattacks on companies. Chairman Jay Clayton said corporate America needs to do more to make sure its data is safe. In particular, recent tumultuous events like the pandemic and the U.S. presidential election have proven ripe for fraudsters to sow misinformation.
In October, the SEC had 30 alerts for various businesses and industries, and there have been warnings for ransomware and attacks on service providers.
We’re always on the lookout for opportunities to partner with innovators and disruptors.
Learn More