The Associated Press reports that Kroger Co. says it was among the multiple victims of a data breach involving a third-party vendor’s file-transfer service and is notifying potentially impacted customers, offering them free credit monitoring.
The AP says the Cincinnati-based grocery and pharmacy chain said in a statement Friday that it believes less than 1% of its customers were affected — specifically some using its Health and Money Services — as well as some current and former employees because a number of personnel records were apparently viewed.
Kroger tells the AP that the breach did not affect Kroger stores’ IT systems or grocery store systems or data and there was no indication that fraud involving accessed personal data had occurred.
The company, which has 2,750 grocery retail stores and 2,200 pharmacies nationwide, did not immediately respond to questions including how many customers might have been affected.
Kroger said it was among victims of the December hack of a file-transfer product called FTA developed by Accellion, a California-based company, and that it was notified of the incident on Jan. 23, when it discontinued use of Accellion’s services. Companies use the file-transfer product to share large amounts of data and hefty email attachments.