Grocery chain Kroger informed customers and employees it was among one of the victims of a data breach involving third-party vendor Accellion’s file-transfer service.
"The attacks occurred in mid-December 2020 and involved the Clop ransomware gang and the FIN11 threat group," Bleeping Computer reports. "Unlike previous attacks by these groups, the Clop file-encrypting malware was not deployed. It appears that the actors opted for an extortion campaign. After stealing the data, they threatened victims over email with making stolen information publicly available on the Clop leak site unless a ransom was paid."
Kroger, which is the parent company of Ralphs, Harris Teeter, Fry’s, Fred Meyer, and more, believes that less than 1% of its customers, specifically customers of Kroger Health and Money Services, have been impacted. However, certain HR records of current and some former associates have been impacted and this employees will be notified.
The breach occurred when the unauthorized person gained access to certain Kroger files by exploiting a vulnerability in Accellion's service. The retailer said the incident did not affect the Kroger Family of Companies' IT systems or any grocery store systems or data. It also noted no credit or debit card information or customer account passwords were hacked.
After being informed of the incident's effect on January 23, 2021, Kroger discontinued the use of Accellion's services, reported the incident to federal law enforcement, and initiated its own forensic investigation to review the potential scope and impact of the incident.
Kroger is directly contacting all customers and associates who may have been affected through mail notices and will offer free credit monitoring to all affected individuals.