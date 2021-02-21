



The grocery chain said it believes less than 1% of its customers are affected, along with some current and former employees.

BOSTON Kroger Co. claims that personal data, including social security numbers of some of its pharmacy and clinic customers, may have been stolen as part of the hacking into a third-party file transfer service. The Cincinnati-based grocery and drugstore chain said in a Friday statement that it estimates that less than 1% of its clients have been affected, particularly some using its health and money services as well as some current and former employees because a number of personal files have apparently been accessed. He says he’s notifying those potentially affected, offering free credit monitoring. Kroger said the breach did not affect computer systems or grocery systems or data at Kroger stores, and so far there was no indication of fraud involving access to personal data. RELATED: Massive Breach Fuels Calls for US Cybersecurity Action RELATED: Russian Hack Brings Change and Uncertainty to the US Justice System The company, which has 2,750 grocery stores and 2,200 pharmacies nationwide, said Sunday in response to questions from The Associated Press that an investigation into the scope of the hack was underway. A spokeswoman for Kroger said via email that the information on the affected patients could include names, email addresses, phone numbers, home addresses, dates of birth, social security numbers “as well as information about health insurance, prescriptions and medical history. Federal law requires organizations that process personal health information to notify the Department of Health and Human Services of any data breach. Kroger said he was among the victims of the December hack of a file transfer product called FTA developed by Accellion, a California-based company, and was made aware of the incident on January 23, when ‘he has stopped using Accellions’ services. Businesses use the file transfer product to share large amounts of data and large attachments. Accellion has more than 3,000 customers around the world. He said the affected product was 20 years old and was near the end of its life. The company declared on February 1 that it had fixed all known vulnerabilities of FTA. Other Accellion customers affected by the hack include University of Colorado, Washington State Auditor, Australian financial regulator, the Reserve Bank of New Zealand and prominent American law firm Jones Day. For the Washington state auditor, the hack was particularly serious. The files of 1.6 million compensation claims obtained as part of its investigation into massive unemployment fraud last year have been exposed. In Day’s case, cybercriminals seeking to extort the law firm approximately 85 gigabytes of data online, they claimed to have stolen. Former President Donald Trump is among Day’s clients, but criminals told the AP by email that none of the data was linked to him. The AP contacted the criminals with questions via email to the dark website where they posted documents stolen from the law firm. It’s unclear whether the criminals extorting Day were also responsible for the Accellion hack.

