February 22, 2021

Accellion Security Incident Impacts Kroger and Limited Number of Customers

The Kroger Co. Family of Companies confirmed that it was impacted by the data security incident affecting Accellion, Inc. Accellion’s services were used by Kroger, as well as many other companies, for third-party secure file transfers. Accellion notified Kroger that an unauthorized person gained access to certain Kroger files by exploiting a vulnerability in Accellion’s file transfer service.

The incident was isolated to Accellion’s services and did not affect the Kroger Family of Companies’ IT systems or any grocery store systems or data. No credit or debit card information or customer account passwords were affected by this incident. After being informed of the incident’s effect on Jan. 23, 2021, Kroger discontinued the use of Accellion’s services, reported the incident to federal law enforcement and initiated its own forensic investigation to review the potential scope and impact of the incident.

At this time, based on the information provided by Accellion and its own investigation, Kroger believes that less than 1 percent of its customers, specifically customers of Kroger Health and Money Services, have been impacted. In addition, current and certain former associates will be notified that certain HR records have been impacted.

Protecting data is a priority for the Kroger Family of Companies and it is directly contacting all customers and associates who may have been affected to inform them of the incident. While Kroger has no indication of fraud or misuse of personal information as a result of this incident, out of an abundance of caution Kroger has arranged to offer credit monitoring to all affected individuals at no cost to them.

Additional information and future updates can be found at www.Kroger.com/AccellionIncident.
