Lawsuit: Kroger didn’t safeguard employee and customer info, leading to data breach


According to the federal lawsuit, Kroger failed to adequately protect the personal information of some of its employees and customers, resulting in a data breach. According to Kroger, the data breach affected approximately 2% of customers.


Lawsuit Kroger didn't safeguard employee and customer info leading to data breach

The company has nearly half a million employees in more than 2,700 supermarkets across the country, but it has not disclosed how many employees have leaked personal information.

The lawsuit alleges that the data breach affected certain customers of Kroger pharmacies and medical clinics whose medical and personal information (such as name, address, date of birth and social security number) was compromised.

Kroger stores contain more than 2,200 pharmacies and more than 200 medical clinics.

The lawsuit was filed this month in U.S. District Court in Cincinnati, seeking class-action status.

A Kroger spokesman declined to comment on the lawsuit.

Kroger once said that credit and debit card information was not stolen. She said she learned of the abuse in late January, notified police, conducted her own investigation, and began sending reports to affected customers and employees on February 19.

More Kroger News

According to Kroger, the data breach involved third-party vendor Accellion, which handled the transfer of files and data, including some employee HR information and customer information. Accellion was confronted with a data breach on December 25. The lawsuit alleges that millions of people have been affected, including Kroger’s customers and employees.

The lawsuit alleges that Kroger is “fully aware” of Accelion’s data security on the platform Kroger uses. He said Accelion was encouraging Kroger to migrate to a newer, more secure file transfer platform. The lawsuit alleges that Kroger chose to use an “old and unsafe transportation platform.”

According to the lawsuit, this file transfer system has been around for twenty years.

Kroger has indicated on its website that it no longer uses the services of Accellion.

The lawsuit describes how an employee based in Hillsboro, Ohio, received a letter saying he would receive a two-year subscription to the credit monitoring service.

The lawsuit argues that such subscriptions are insufficient because the data in the violation has been permanently destroyed. So after the two-year subscription period expires, (the employees) will have to pay the credit check out of their pocket … for the rest of their lives.

In addition to the Kroger store, this supermarket also operates several regional supermarket chains in 35 states, including Fred Meyer, Harris Teeter, Mariano’s, Fry’s, Smith’s, King Soopers, QFC, etc.

More Updates: