Kroger: Hackers might have stolen customer data
BOSTON — Kroger Co. says personal data, including Social Security numbers of some of its pharmacy and clinic customers, may have been stolen in the hack of a third-party vendor’s file-transfer service.
The Cincinnati-based grocery and pharmacy chain said in a statement Friday that it believes less than 1 percent of its customers were affected — specifically some using its Health and Money Services — as well as some current and former employees because a number of personnel records were apparently viewed.
It says it is notifying those potentially affected, offering free credit monitoring.
Kroger said the breach did not affect Kroger stores’ IT systems or grocery store systems or data, and there has been no indication of fraud involving accessed personal data.
The company, which has 2,750 grocery retail stores and 2,200 pharmacies nationwide — including Smith’s in Southern Nevada — said Sunday in response to questions from The Associated Press that an investigation into the scope of the hack was ongoing.
A Kroger spokeswoman said via email that affected patient information could include “names, email addresses, phone numbers, home addresses, dates of birth, Social Security numbers,” as well as information on health insurance, prescriptions and medical history.
Federal law requires organizations that handle personal health care information to inform the Department of Health and Human Services of any data breaches.
Kroger said it was among victims of the December hack of a file-transfer product called FTA developed by Accellion, a California-based company, and that it was notified of the incident on Jan. 23, when it discontinued use of Accellion’s services.