Kroger reports data breach from third-party file transfer service

Kroger reports data breach from third-party file transfer service

Posted February 22, 2021

Kroger reports data breach from third-party file transfer service

  • Kroger said late Friday that it received notification from Palo Alto, Calif.-based Accellion that an unauthorized person had gained access to certain Kroger files by exploiting a vulnerability in Accellion’s secure file-transfer appliance product, Accellion FTA.
  • Based on information from Accellion and its own investigation, Kroger estimated that fewer than 1% of customers — specifically, from Kroger Health and Kroger Money Services — had data exposed, including certain pharmacy and money services records.
  • Accellion reported that an investigation by cybersecurity firm Mandiant identified “UNC2546” as the criminal hacker behind the cyberattacks and data breach involving Accellion FTA. Some FTA customers attacked by UNC2546 had received “extortion emails” threatening to publish stolen data, Accellion said.

– Russell Redman | February 22, 2021