CINCINNATI — Kroger confirmed Friday that it was impacted by a data security breach affecting Accellion, Inc., a vendor it used for third-party secure file transfers.
"Kroger believes certain associate HR data, certain pharmacy records, and certain money services records have been affected," the company said on its website.
The company believes that fewer than 1% of its customers were impacted. The breach did not affect IT systems or any grocery store systems or data, Kroger said. No credit, debit card or digital wallet information were affected by the breach, nor were customer account passwords.
While Kroger said there is no indication of "fraud or misuse of personal information" due to the breach, the company is notifying potentially impacted customers and associates by mail. They are also offering free credit monitoring to those individuals "out of an abundance of caution."
The company said Accellion notified Kroger on Jan. 23 that an unauthorized person gained access to certain Kroger files by exploiting a vulnerability in Accellion’s file transfer service.
Kroger has since stopped using Accellion’s services, reported the incident to federal law enforcement and started its own forensic investigation.
If you have questions about the breach, Kroger's dedicated call center at 1 (855) 558-2999 can be reached Monday through Friday between 6 a.m. and 8 p.m. PT, and weekends from 8 a.m. to 5 p.m. PT.
For more information, click here.